Mtr: Security Vulnerabilities
Off-by-one error in the mtr_curses_keyaction function for mtr 0.55 through 0.65 allows local users to hijack raw sockets, as demonstrated using the "s" keybinding, which leaves a buffer without a NULL terminator.
CVSS Score
4.6
EPSS Score
0.003
Published
2005-01-10
Buffer overflow in mtr 0.46 and earlier, when installed setuid root, allows local users to access a raw socket via a long MTR_OPTIONS environment variable.
CVSS Score
2.1
EPSS Score
0.005
Published
2002-08-12