CVE-2011-2903
tcptrack < 1.4.2 - Heap-Based Buffer Overflow via Long Command Line Argument
Title source: llmDescription
Heap-based buffer overflow in tcptrack before 1.4.2 might allow attackers to execute arbitrary code via a long command line argument. NOTE: this is only a vulnerability in limited scenarios in which tcptrack is "configured as a handler for other applications." This issue might not qualify for inclusion in CVE.
References (7)
Core 7
Core References
Patch x_refsource_confirm
https://bugzilla.redhat.com/show_bug.cgi?id=729096
Third Party Advisory, VDB Entry vdb-entry
x_refsource_xf
https://exchange.xforce.ibmcloud.com/vulnerabilities/69467
Patch x_refsource_confirm
http://www.rhythm.cx/~steve/devel/tcptrack/
Third Party Advisory, VDB Entry vdb-entry
x_refsource_bid
http://www.securityfocus.com/bid/49352
Issue Tracking x_refsource_confirm
https://bugs.gentoo.org/show_bug.cgi?id=377917
Mailing List mailing-list
x_refsource_mlist
http://www.openwall.com/lists/oss-security/2011/08/31/1
Mailing List mailing-list
x_refsource_mlist
http://seclists.org/oss-sec/2011/q3/293
Scores
EPSS
0.0233
EPSS Percentile
81.6%
Details
CWE
CWE-119
Status
published
Products (14)
rhythm/tcptrack
1.0.0
rhythm/tcptrack
1.0.1
rhythm/tcptrack
1.0.2
rhythm/tcptrack
1.1 (2 CPE variants)
rhythm/tcptrack
1.1.0
rhythm/tcptrack
1.1.1
rhythm/tcptrack
1.1.2
rhythm/tcptrack
1.1.3
rhythm/tcptrack
1.1.4
rhythm/tcptrack
1.1.5
... and 4 more
Published
Sep 02, 2011
Tracked Since
Feb 18, 2026