Heap-based buffer overflow in the visit_old_format function in locate/locate.c in locate in GNU findutils before 4.2.31 might allow context-dependent attackers to execute arbitrary code via a long pathname in a locate database that has the old format, a different vulnerability than CVE-2001-1036.
Name | Vendor | Start Version | End Version |
---|---|---|---|
Findutils | Gnu | 4.0 (including) | 4.0 (including) |
Findutils | Gnu | 4.1 (including) | 4.1 (including) |
Findutils | Gnu | 4.2.28 (including) | 4.2.28 (including) |
Findutils | Gnu | 4.2.29 (including) | 4.2.29 (including) |
Findutils | Gnu | 4.2.30 (including) | 4.2.30 (including) |