CVE-2001-0735

Description

Buffer overflow in cfingerd 1.4.3 and earlier with the ALLOW_LINE_PARSING option enabled allows local users to execute arbitrary code via a long line in the .nofinger file.

How to fix CVE-2001-0735

To remediate CVE-2001-0735, upgrade the affected package to a fixed version below.

• Debian/cfingerd—upgrade to 1.4.3-1.1 or later

Is CVE-2001-0735 being exploited?

Low — EPSS is 0.5%, meaning exploitation activity has not been observed at scale.

Affected packages (1)

• from 0, < 1.4.3-1.1

References (1)

• ADVISORYsecurity-tracker.debian.org/tracker/CVE-2001-0735