CVSS: 9.8EPSS: 9%CPEs: 52EXPL: 1CVE-2008-2357
https://notcve.org/view.php?id=CVE-2008-2357
21 May 2008 — Stack-based buffer overflow in the split_redraw function in split.c in mtr before 0.73, when invoked with the -p (aka --split) option, allows remote attackers to execute arbitrary code via a crafted DNS PTR record. NOTE: it could be argued that this is a vulnerability in the ns_name_ntop function in resolv/ns_name.c in glibc and the proper fix should be in glibc; if so, then this should not be treated as a vulnerability in mtr. Desbordamiento de Búfer basado en pila de la función spot_redraw en split.c de m... • ftp://ftp.bitwizard.nl/mtr/mtr-0.73.diff • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 7.1EPSS: 0%CPEs: 11EXPL: 0CVE-2004-1224
https://notcve.org/view.php?id=CVE-2004-1224
15 Dec 2004 — Off-by-one error in the mtr_curses_keyaction function for mtr 0.55 through 0.65 allows local users to hijack raw sockets, as demonstrated using the "s" keybinding, which leaves a buffer without a NULL terminator. • http://marc.info/?l=bugtraq&m=110279034910663&w=2 •