|Description||Stack-based buffer overflow in kkstrtext.h in ktools library 0.3 and earlier, as used in products such as (1) centericq, (2) orpheus, (3) motor, and (4) groan, allows local users or remote attackers to execute arbitrary code via a long parameter to the VGETSTRING macro.|
|Source||CVE (at NVD; CERT, LWN, oss-sec, fulldisc, bugtraq, EDB, Metasploit, Red Hat, Ubuntu, Gentoo, SUSE bugzilla/CVE, Mageia, GitHub code/issues, web search, more)|
|References||DSA-1083-1, DSA-1088-1, DTSA-23-1|
|Debian Bugs||340959, 368400, 368402|
The information below is based on the following data on fixed versions.
DTSA is for centericq only
This affects Sarge and Woody centericq
This affects Sarge and Woody motor