CVSS: 9.8EPSS: 9%CPEs: 52EXPL: 1CVE-2008-2357
https://notcve.org/view.php?id=CVE-2008-2357
21 May 2008 — Stack-based buffer overflow in the split_redraw function in split.c in mtr before 0.73, when invoked with the -p (aka --split) option, allows remote attackers to execute arbitrary code via a crafted DNS PTR record. NOTE: it could be argued that this is a vulnerability in the ns_name_ntop function in resolv/ns_name.c in glibc and the proper fix should be in glibc; if so, then this should not be treated as a vulnerability in mtr. Desbordamiento de Búfer basado en pila de la función spot_redraw en split.c de m... • ftp://ftp.bitwizard.nl/mtr/mtr-0.73.diff • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 7.8EPSS: 0%CPEs: 1EXPL: 1CVE-2002-0497
https://notcve.org/view.php?id=CVE-2002-0497
12 Aug 2002 — Buffer overflow in mtr 0.46 and earlier, when installed setuid root, allows local users to access a raw socket via a long MTR_OPTIONS environment variable. • http://archives.neohapsis.com/archives/bugtraq/2002-03/0048.html •
CVSS: 7.8EPSS: 0%CPEs: 6EXPL: 1CVE-2000-0172 – Matt Kimball and Roger Wolff mtr 0.28/0.41 / Turbolinux 3.5 b2/4.2/4.4/6.0 - mtr
https://notcve.org/view.php?id=CVE-2000-0172
03 Mar 2000 — The mtr program only uses a seteuid call when attempting to drop privileges, which could allow local users to gain root privileges. • https://www.exploit-db.com/exploits/19796 •