CVE-2003-0848

Name of the Vulnerable Software and Affected Versions slocate versions 2.6 through 2.7

Description The issue is related to multiple vulnerabilities in the slocate package, which can lead to a breach of confidentiality, integrity, and availability of protected information. A heap-based buffer overflow in the main.c file of slocate version 2.6, and possibly other versions, may allow local users to gain privileges via a modified slocate database that causes a negative pathlen value to be used. The vulnerability can be exploited locally.

Recommendations For slocate version 2.6, consider restricting access to the slocate database to minimize the risk of exploitation. For slocate version 2.7, avoid using the vulnerable package until a patch is available. At the moment, there is no information about a newer version that contains a fix for this vulnerability.