CVE-1999-0137

dip - Local Buffer Overflow

Title source: llm
STIX 2.1

Exploitation Summary

EIP tracks 2 public exploits for CVE-1999-0137. PoCs published by pr10n, jamez.

AI-analyzed exploit summary This exploit targets a buffer overflow vulnerability in dip-3.3.7o via an sprintf() call in main.c. It uses a standard stack-based overflow with NOP sled and shellcode to spawn a shell.

Description

The dip program on many Linux systems allows local users to gain root access via a buffer overflow.

Exploits (2)

exploitdb WORKING POC VERIFIED
by pr10n · clocallinux
https://www.exploit-db.com/exploits/19078

This exploit targets a buffer overflow vulnerability in dip-3.3.7o via an sprintf() call in main.c. It uses a standard stack-based overflow with NOP sled and shellcode to spawn a shell.

Classification
Working Poc 95%
Attack Type
Lpe
Complexity
Moderate
Reliability
Reliable
Target: dip-3.3.7o
No auth needed
Prerequisites: dip installed setuid · Linux x86 environment
devstral-2 · analyzed Feb 16, 2026 Full analysis →
exploitdb WORKING POC VERIFIED
by jamez · clocallinux
https://www.exploit-db.com/exploits/19077

This exploit targets a buffer overflow vulnerability in dip-3.3.7o via an sprintf() call in main.c. It uses shellcode to spawn a shell and leverages stack manipulation to achieve remote code execution.

Classification
Working Poc 95%
Attack Type
Rce
Complexity
Moderate
Reliability
Reliable
Target: dip-3.3.7o
No auth needed
Prerequisites: dip-3.3.7o installed setuid · ability to execute the binary
devstral-2 · analyzed Feb 16, 2026 Full analysis →

References (1)

Core 1
Core References
Third Party Advisory, VDB Entry x_refsource_misc
https://exchange.xforce.ibmcloud.com/vulnerabilities/CVE-1999-0137

Scores

EPSS 0.0086
EPSS Percentile 53.7%

Details

Status published
Products (1)
fred_n._van_kempen/dip 3.3.7o
Published Jul 09, 1996
Tracked Since Feb 18, 2026