CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:N/AC:L/Au:N/C:C/I:C/A:C
EPSS
Percentile
88.8%
Multiple buffer overflows in Princeton WordNet (wn) 3.0 allow
context-dependent attackers to execute arbitrary code via (1) a long
argument on the command line; a long (2) WNSEARCHDIR, (3) WNHOME, or (4)
WNDBVERSION environment variable; or (5) a user-supplied dictionary (aka
data file). NOTE: since WordNet itself does not run with special
privileges, this issue only crosses privilege boundaries when WordNet is
invoked as a third party component.
Author | Note |
---|---|
jdstrand | per Debian-- 1:3.0-12 had a regression and the patch was slightly updated by 1:3.0-13 to fix this bug |