CVE-2002-2099 — HIGH (7.2) — White Hats Nepal

Vulnerability Description

Buffer overflow in the GNU DataDisplay Debugger (DDD) 3.3.1 allows local users to execute arbitrary code and possibly gain privileges via a long HOME environment variable. NOTE: since DDD is not installed setuid or setgid, perhaps this issue should not be included in CVE.

CVSS Score

7.2

HIGH

AV:L/AC:L/Au:N/C:C/I:C/A:C

Confidentiality

COMPLETE

Integrity

COMPLETE

Availability

COMPLETE

Affected Products

Vendor	Product	Versions
Gnu	Data Display Debugger	3.3.1

References

http://securitytracker.com/id?1003241ExploitVendor Advisory
https://exchange.xforce.ibmcloud.com/vulnerabilities/7979
http://securitytracker.com/id?1003241ExploitVendor Advisory
https://exchange.xforce.ibmcloud.com/vulnerabilities/7979

FAQ

What is CVE-2002-2099?

CVE-2002-2099 is a vulnerability with a CVSS score of 7.2 (HIGH). Buffer overflow in the GNU DataDisplay Debugger (DDD) 3.3.1 allows local users to execute arbitrary code and possibly gain privileges via a long HOME environment variable. NOTE: since DDD is not inst...

How severe is CVE-2002-2099?

CVE-2002-2099 has been rated HIGH with a CVSS base score of 7.2/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2002-2099?

Check the references section above for vendor advisories and patch information. Affected products include: Gnu Data Display Debugger.