VDB
GCVE-VVD-CERTCC-1999-38336
Advisory Published
From the reporter: Time-interval parsing for the "-r" and "-l" command-line options calls a library routine which uses sscanf("%d%[d]") and passes the address of an automatic int variable to correspond to the second %-sequence. But the %[ sequence needs an arbitrarily large string buffer. So it's possible to get an arbitrary-length string consisting entirely of the letter 'd' written to the stack. Other sscanf formats it tries to use will also allow a string of 'h', 'm', or 's' characters to be written, with all characters the same in any string.
Impact: A local user may be able to crash the machine by overwriting the stack with the characters 'd', 'h', 'm', or 's'.
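The parsing flaw described by the reporter, next to a bounded replacement. This is an added example, not code from the affected program or its library: the function names are hypothetical, the inputs are constructed, and reading d/h/m/s as days, hours, minutes and seconds is an assumption.

```c
#include <errno.h>
#include <limits.h>
#include <stdio.h>
#include <stdlib.h>

/* Reported pattern, kept for contrast and never called here: %[d] stores
 * every consecutive 'd' plus a NUL, but the destination is a single int.
 * The cast only silences the compiler; the overflow is unchanged. */
int parse_days_unsafe(const char *s, int *days)
{
    int unit;                               /* automatic int, not a buffer */
    return sscanf(s, "%d%[d]", days, (char *)&unit) == 2 ? 0 : -1;
}

/* Hardened: returns the interval in seconds, or -1 on malformed input.
 * Nothing from the input is copied into a buffer, so there is no length
 * to get wrong. Assumes d/h/m/s mean days/hours/minutes/seconds. */
long parse_interval(const char *s)
{
    char *end;
    long n, mult;

    errno = 0;
    n = strtol(s, &end, 10);
    if (end == s || errno == ERANGE || n < 0)
        return -1;                          /* no digits, overflow, negative */
    switch (*end) {                         /* exactly one unit letter */
    case 'd': mult = 86400L; break;
    case 'h': mult = 3600L;  break;
    case 'm': mult = 60L;    break;
    case 's': mult = 1L;     break;
    default:  return -1;
    }
    if (end[1] != '\0' || n > LONG_MAX / mult)
        return -1;                          /* repeated unit or overflow */
    return n * mult;
}

int main(void)
{
    /* Constructed inputs: one valid interval and a long run of 'd'. */
    printf("%ld\n", parse_interval("3d"));
    printf("%ld\n", parse_interval("1dddddddddddddddddddddddddddd"));
    return 0;
}
```

If sscanf must stay, the equivalent fix is a width-limited conversion such as `%1[d]` written into a `char[2]` rather than an `int`.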
Risk Scores
certcc-cam
impact: 0
population: 0
exploitation: 0
widely_known: 0
score_current: 0
ease_of_exploitation: 0
Browse GCVE Records
100 records in the GCVE database · Updated April 16, 2026