CVE-2000-0993 — Vulnetix

Try Vulnetix Request Demo

CVE-2000-0993 PUBLISHED CVSS 7.199999809265137 HIGH

Format string vulnerability in pw_error function in BSD libutil library allows local users to gain root privileges via a malformed password in commands such as chpass or passwd.

EPSS 0.23% · 45.6th percentile

Risk Scores

CVSS v2.0

7.199999809265137

EPSS Score

0.23%

45.6th percentile

Affected Products

Vendor	Product	Versions
n/a	n/a	n/a
openbsd	openbsd	2.7, 2.3, 2.4
freebsd	freebsd	4.0, 3.3, 3.4
netbsd	netbsd	1.4.1, 1.4.2, 1.4

Timeline

Dec 19, 2000 CVE Published
Feb 4, 2022 EPSS Score
Mar 28, 2022 EPSS Score
May 19, 2022 EPSS Score
Jul 10, 2022 EPSS Score
Sep 1, 2022 EPSS Score
Oct 23, 2022 EPSS Score
Dec 14, 2022 EPSS Score
Feb 4, 2023 EPSS Score
Mar 7, 2023 EPSS Score
Mar 28, 2023 EPSS Score
May 19, 2023 EPSS Score

References

20001004 Re: OpenBSD Security Advisory mailing-list
1744 vdb
20001003 A format string vulnerability exists in the pw_error(3) function. vendor-advisory
NetBSD-SA2000-015 vendor-advisory
FreeBSD-SA-00:58 vendor-advisory
bsd-libutil-format(5339) vdb
https://nvd.nist.gov/vuln/detail/CVE-2000-0993 advisory

Open in Interactive Console →