CVE-2018-1000532

MEDIUM

beep 1.3 and up - Denial of Service via Device Option Path Traversal

Title source: llm
STIX 2.1

Description

beep version 1.3 and up contains a External Control of File Name or Path vulnerability in --device option that can result in Local unprivileged user can inhibit execution of arbitrary programs by other users, allowing DoS. This attack appear to be exploitable via The system must allow local users to run beep.

References (1)

Core 1
Core References

Scores

CVSS v3 4.7
EPSS 0.0035
EPSS Percentile 26.9%
Attack Vector LOCAL
CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H

Details

CWE
CWE-22
Status published
Products (1)
beep_project/beep 1.3
Published Jun 26, 2018
Tracked Since Feb 18, 2026