Multiple buffer overflows in LCDProc 0.4.1, and possibly other 0.4.x versions up to 0.4.4, allows remote attackers to execute arbitrary code via (1) a long invalid command to parse_all_client_messages function, or (2) long argv command to test_func_func function.
Name | Vendor | Start Version | End Version |
---|---|---|---|
Lcdproc | Lcdproc | 0.3 (including) | 0.3 (including) |
Lcdproc | Lcdproc | 0.4 (including) | 0.4 (including) |
Lcdproc | Lcdproc | 0.4.1_r1 (including) | 0.4.1_r1 (including) |
Lcdproc | Lcdproc | 4.0 (including) | 4.0 (including) |
Lcdproc | Lcdproc | 4.1 (including) | 4.1 (including) |
Lcdproc | Lcdproc | 4.2 (including) | 4.2 (including) |
Lcdproc | Lcdproc | 4.3 (including) | 4.3 (including) |
Lcdproc | Lcdproc | 4.4 (including) | 4.4 (including) |