Buffer Overflow in setlocale in libc on NetBSD 1.4.x through 1.6 and other operating systems

Buffer Overflow in setlocale in libc on NetBSD 1.4.x through 1.6 and other operating systems

CVE-2002-1476 · MEDIUM Severity

AV:L/AC:L/AU:N/C:P/I:P/A:P

Buffer overflow in setlocale in libc on NetBSD 1.4.x through 1.6, and possibly other operating systems, when called with the LC_ALL category, allows local attackers to execute arbitrary code via a user-controlled locale string that has more than 6 elements, which exceeds the boundaries of the new_categories category array, as exploitable through programs such as xterm and zsh.

Learn more about our Cis Benchmark Audit For Operating Systems.