Vulnerability Database

296,147

Total vulnerabilities in the database

CVE-2002-1476

Buffer overflow in setlocale in libc on NetBSD 1.4.x through 1.6, and possibly other operating systems, when called with the LC_ALL category, allows local attackers to execute arbitrary code via a user-controlled locale string that has more than 6 elements, which exceeds the boundaries of the new_categories category array, as exploitable through programs such as xterm and zsh.

  • Published: Apr 22, 2003
  • Updated: Apr 13, 2023
  • CVE: CVE-2002-1476
  • Severity: Low
  • Exploit:

CVSS v2:

  • Severity: Low
  • Score: 4.6
  • AV:L/AC:L/Au:N/C:P/I:P/A:P

No CWE or OWASP classifications available.

Software From Fixed in
netbsd / netbsd 1.5.3 1.5.3.x
netbsd / netbsd 1.5 1.5.x
netbsd / netbsd 1.6-beta 1.6-beta.x
netbsd / netbsd 1.5.1 1.5.1.x
netbsd / netbsd 1.5.2 1.5.2.x
netbsd / netbsd 1.4 1.4.x