CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 0CVE-2025-49809
https://notcve.org/view.php?id=CVE-2025-49809
04 Jul 2025 — mtr through 0.95, in certain privileged contexts, mishandles execution of a program specified by the MTR_PACKET environment variable. NOTE: mtr on macOS may often have Sudo rules, as an indirect consequence of Homebrew not installing setuid binaries. • https://github.com/Homebrew/homebrew-core/issues/35085 • CWE-829: Inclusion of Functionality from Untrusted Control Sphere •
CVSS: 9.8EPSS: 7%CPEs: 52EXPL: 1CVE-2008-2357 – Debian Linux Security Advisory 1587-1
https://notcve.org/view.php?id=CVE-2008-2357
21 May 2008 — Stack-based buffer overflow in the split_redraw function in split.c in mtr before 0.73, when invoked with the -p (aka --split) option, allows remote attackers to execute arbitrary code via a crafted DNS PTR record. NOTE: it could be argued that this is a vulnerability in the ns_name_ntop function in resolv/ns_name.c in glibc and the proper fix should be in glibc; if so, then this should not be treated as a vulnerability in mtr. Desbordamiento de Búfer basado en pila de la función spot_redraw en split.c de m... • ftp://ftp.bitwizard.nl/mtr/mtr-0.73.diff • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 7.8EPSS: 0%CPEs: 6EXPL: 1CVE-2000-0172 – Matt Kimball and Roger Wolff mtr 0.28/0.41 / Turbolinux 3.5 b2/4.2/4.4/6.0 - mtr
https://notcve.org/view.php?id=CVE-2000-0172
03 Mar 2000 — The mtr program only uses a seteuid call when attempting to drop privileges, which could allow local users to gain root privileges. • https://www.exploit-db.com/exploits/19796 •