CVE-2011-2903

tcptrack < 1.4.2 - Heap-Based Buffer Overflow via Long Command Line Argument

Title source: llm
STIX 2.1

Description

Heap-based buffer overflow in tcptrack before 1.4.2 might allow attackers to execute arbitrary code via a long command line argument. NOTE: this is only a vulnerability in limited scenarios in which tcptrack is "configured as a handler for other applications." This issue might not qualify for inclusion in CVE.

References (7)

Core 7
Core References
Third Party Advisory, VDB Entry vdb-entry x_refsource_xf
https://exchange.xforce.ibmcloud.com/vulnerabilities/69467
Third Party Advisory, VDB Entry vdb-entry x_refsource_bid
http://www.securityfocus.com/bid/49352
Issue Tracking x_refsource_confirm
https://bugs.gentoo.org/show_bug.cgi?id=377917
Mailing List mailing-list x_refsource_mlist
http://www.openwall.com/lists/oss-security/2011/08/31/1
Mailing List mailing-list x_refsource_mlist
http://seclists.org/oss-sec/2011/q3/293

Scores

EPSS 0.0233
EPSS Percentile 81.6%

Details

CWE
CWE-119
Status published
Products (14)
rhythm/tcptrack 1.0.0
rhythm/tcptrack 1.0.1
rhythm/tcptrack 1.0.2
rhythm/tcptrack 1.1 (2 CPE variants)
rhythm/tcptrack 1.1.0
rhythm/tcptrack 1.1.1
rhythm/tcptrack 1.1.2
rhythm/tcptrack 1.1.3
rhythm/tcptrack 1.1.4
rhythm/tcptrack 1.1.5
... and 4 more
Published Sep 02, 2011
Tracked Since Feb 18, 2026