AI Score
Confidence
Low
EPSS
Percentile
52.7%
SSVC
Exploitation
none
Automatable
no
Technical Impact
total
boxes.c in nip2 8.4.0 does not validate strings before launching the program specified by the BROWSER environment variable, which might allow remote attackers to conduct argument-injection attacks via a crafted URL. NOTE: a software maintainer indicates that this product does not use the BROWSER environment variable
[
{
"cpes": [
"cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*"
],
"vendor": "debian",
"product": "debian_linux",
"versions": [
{
"status": "affected",
"version": "8.0"
}
],
"defaultStatus": "unknown"
},
{
"cpes": [
"cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*"
],
"vendor": "debian",
"product": "debian_linux",
"versions": [
{
"status": "affected",
"version": "9.0"
}
],
"defaultStatus": "unknown"
},
{
"cpes": [
"cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*"
],
"vendor": "debian",
"product": "debian_linux",
"versions": [
{
"status": "affected",
"version": "10.0"
}
],
"defaultStatus": "unknown"
},
{
"cpes": [
"cpe:2.3:a:nip2_project:nip2:8.4.0:*:*:*:*:*:*:*"
],
"vendor": "nip2_project",
"product": "nip2",
"versions": [
{
"status": "affected",
"version": "8.4.0"
}
],
"defaultStatus": "unknown"
}
]