← CVECheck
HomeVulnerabilities

CVE-2002-1476 — MEDIUM severity vulnerability (Buffer overflow in setlocale in libc on NetBSD 1.4.x through)

Buffer overflow in setlocale in libc on NetBSD 1.4.x through 1.6, and possibly other operating systems, when called with the LC_ALL category, allows local attackers to execute arbitrary code via a user-controlled locale string that has more than 6 elements, which exceeds the boundaries of the new_categories category ar

CVE IDCVE-2002-1476
SeverityMEDIUM
CVSS score4.6
CVSS vectorAV:L/AC:L/Au:N/C:P/I:P/A:P
CWENVD-CWE-Other
StatusModified
Published2003-04-22
Last modified2026-04-16
DescriptionBuffer overflow in setlocale in libc on NetBSD 1.4.x through 1.6, and possibly other operating systems, when called with the LC_ALL category, allows local attackers to execute arbitrary code via a user-controlled locale string that has more than 6 elements, which exceeds the boundaries of the new_categories category array, as exploitable through programs such as xterm and zsh.
SourceNIST National Vulnerability Database

🔍 Search all vulnerabilities →