4.6 Medium
CVSS2
Attack Vector
LOCAL
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:L/AC:L/Au:N/C:P/I:P/A:P
0.001 Low
EPSS
Percentile
23.7%
DISPUTED Buffer overflow in sethdlc.c in the Asterisk Zaptel 1.4.5.1
might allow local users to gain privileges via a long device name
(interface name) in the ifr_name field. NOTE: the vendor disputes this
issue, stating that the application requires root access, so privilege
boundaries are not crossed.
Author | Note |
---|---|
fujitsu | Not a security vulnerability, as the attacker would need to run the code as root, so there are no privileges to gain. |
mdeslaur | if it’s not an issue, let’s ignore this |