CVE-2007-2452

NameCVE-2007-2452
DescriptionHeap-based buffer overflow in the visit_old_format function in locate/locate.c in locate in GNU findutils before 4.2.31 might allow context-dependent attackers to execute arbitrary code via a long pathname in a locate database that has the old format, a different vulnerability than CVE-2001-1036.
SourceCVE (at NVD; CERT, LWN, oss-sec, fulldisc, Red Hat, Ubuntu, Gentoo, SUSE bugzilla/CVE, GitHub advisories/code/issues, web search, more)
Debian Bugs426862

Vulnerable and fixed packages

The table below lists information on source packages.

Source PackageReleaseVersionStatus
findutils (PTS)bullseye4.8.0-1fixed
bookworm4.9.0-4fixed
sid, trixie4.10.0-3fixed

The information below is based on the following data on fixed versions.

PackageTypeReleaseFixed VersionUrgencyOriginDebian Bugs
findutilssourceetch4.2.28-1etch1low
findutilssource(unstable)4.2.31-1low426862

Notes

[sarge] - findutils <no-dsa> (Not vulnerable in default configuration, minor issue)

Search for package or bug name: Reporting problems