Slocate · Slocate · CVE-2003-0848
**Name of the Vulnerable Software and Affected Versions**
slocate versions 2.6 through 2.7
**Description**
The slocate package contains multiple vulnerabilities that can compromise the confidentiality, integrity, and availability of protected information. A heap-based buffer overflow in the main.c file of slocate version 2.6, and possibly other versions, may allow local users to gain privileges via a modified slocate database that causes a negative `pathlen` value to be used. The vulnerability can be exploited locally.
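The bug class described above, shown from the defensive side as an added example (not slocate's own code): a decoder that validates a signed length change read from an untrusted database before using it as a buffer offset. The record layout (a signed prefix-length delta followed by a suffix) and the names `decoder`, `apply_record` and `PATH_CAP` are assumptions made for illustration.

```c
#include <stddef.h>
#include <string.h>

#define PATH_CAP 4096   /* assumed size of the reconstructed-path buffer */

/* Hypothetical decoder state for a front-compressed path database. */
struct decoder {
    char path[PATH_CAP]; /* last reconstructed path, NUL-terminated */
    int  pathlen;        /* prefix length shared with the previous entry */
};

void decoder_init(struct decoder *d)
{
    memset(d, 0, sizeof *d);
}

/*
 * Apply one record. `delta` is the signed change to the shared-prefix length
 * as read from the untrusted database; `suffix` holds the bytes after it.
 * Returns 0 on success, -1 if the record is rejected (state is unchanged).
 */
int apply_record(struct decoder *d, int delta,
                 const char *suffix, size_t suffix_len)
{
    /* Widen before adding so a hostile delta cannot overflow int. */
    long long newlen = (long long)d->pathlen + delta;

    /* Without this check a crafted delta drives the length negative and
     * path + pathlen points in front of the heap buffer. */
    if (newlen < 0 || newlen >= PATH_CAP)
        return -1;
    /* The shared prefix cannot be longer than the previous path. */
    if ((size_t)newlen > strlen(d->path))
        return -1;
    /* Suffix plus terminating NUL must fit in the remaining space. */
    if (suffix_len >= (size_t)(PATH_CAP - newlen))
        return -1;

    memcpy(d->path + newlen, suffix, suffix_len);
    d->path[newlen + suffix_len] = '\0';
    d->pathlen = (int)newlen;
    return 0;
}
```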
**Recommendations**
For slocate version 2.6, consider restricting access to the slocate database to minimize the risk of exploitation.
For slocate version 2.7, avoid using the vulnerable package until a patch is available.
At the moment, there is no information about a newer version that contains a fix for this vulnerability.