cpe:/a:rhythm:tcptrack:1.0.0 cpe:/a:rhythm:tcptrack:1.0.1 cpe:/a:rhythm:tcptrack:1.0.2 cpe:/a:rhythm:tcptrack:1.1 cpe:/a:rhythm:tcptrack:1.1:beta1 cpe:/a:rhythm:tcptrack:1.1.0 cpe:/a:rhythm:tcptrack:1.1.1 cpe:/a:rhythm:tcptrack:1.1.2 cpe:/a:rhythm:tcptrack:1.1.3 cpe:/a:rhythm:tcptrack:1.1.4 cpe:/a:rhythm:tcptrack:1.1.5 cpe:/a:rhythm:tcptrack:1.2.0 cpe:/a:rhythm:tcptrack:1.3.0 cpe:/a:rhythm:tcptrack:1.4.0 cpe:/a:rhythm:tcptrack:1.4.1 CVE-2011-2903 2011-09-02T12:55:05.677-04:00 2017-08-28T21:29:52.067-04:00 6.8 NETWORK MEDIUM NONE PARTIAL PARTIAL PARTIAL http://nvd.nist.gov 2011-09-02T14:35:00.000-04:00 BID 49352 MLIST [oss-security] 20110809 Re: CVE request: heap overflow in tcptrack < 1.4.2 MLIST [oss-security] 20110831 Re: CVE request: heap overflow in tcptrack < 1.4.2 CONFIRM http://www.rhythm.cx/~steve/devel/tcptrack/ CONFIRM https://bugs.gentoo.org/show_bug.cgi?id=377917 CONFIRM https://bugzilla.redhat.com/show_bug.cgi?id=729096 XF tcptrack-commandline-bo(69467) Heap-based buffer overflow in tcptrack before 1.4.2 might allow attackers to execute arbitrary code via a long command line argument. NOTE: this is only a vulnerability in limited scenarios in which tcptrack is "configured as a handler for other applications." This issue might not qualify for inclusion in CVE.