CVE-2018-1000532
MEDIUMbeep 1.3 and up - Denial of Service via Device Option Path Traversal
Title source: llmDescription
beep version 1.3 and up contains a External Control of File Name or Path vulnerability in --device option that can result in Local unprivileged user can inhibit execution of arbitrary programs by other users, allowing DoS. This attack appear to be exploitable via The system must allow local users to run beep.
References (1)
Core 1
Core References
Third Party Advisory x_refsource_misc
https://github.com/johnath/beep/issues/11#issuecomment-379514298
Scores
CVSS v3
4.7
EPSS
0.0035
EPSS Percentile
26.9%
Attack Vector
LOCAL
CVSS:3.0/AV:L/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:H
Details
CWE
CWE-22
Status
published
Products (1)
beep_project/beep
1.3
Published
Jun 26, 2018
Tracked Since
Feb 18, 2026