Vulnerability Report

CVE-2005-2772

RCE

Title: University of Minnesota gopher client multiple stack-based buffer overflows

RCE

Proof Of Concept

PoC Available for CVE-2005-2772

CWE Category NVD-CWE-noinfo
Published Date Sep 02, 2005
Modified Date Apr 03, 2025
Exploit Status Available
Score 7.5 CVSS v2.0
Exploit Probability (EPSS)
33.13%

Vulnerability Summary

CVE-2005-2772: Multiple stack-based buffer overflows in University of Minnesota gopher client 3.0.9 allow remote malicious servers to execute arbitrary code via (1) a long "+VIEWS:" reply, which is not properly handled in the VIfromLine function, and (2) certain arguments when launching third party programs such as a web browser from a web link, which is not properly handled in the FIOgetargv function.

Impacted Vendors

U
university_of_minnesota 1

Reference Links

http://marc.info/?l=bugtraq&m=112559902931614&w=2 http://secunia.com/advisories/16614/ http://secunia.com/advisories/17016 http://www.debian.org/security/2005/dsa-832 http://www.kb.cert.org/vuls/id/619812 http://www.securityfocus.com/bid/14693 https://exchange.xforce.ibmcloud.com/vulnerabilities/22053 http://marc.info/?l=bugtraq&m=112559902931614&w=2 http://secunia.com/advisories/16614/ http://secunia.com/advisories/17016 http://www.debian.org/security/2005/dsa-832 http://www.kb.cert.org/vuls/id/619812 http://www.securityfocus.com/bid/14693 https://exchange.xforce.ibmcloud.com/vulnerabilities/22053
CVSS v2.0
Source Entity [email protected]
Severity HIGH
7.5
Access Vector
N/A
Authentication
N/A
RAW VECTOR AV:N/AC:L/Au:N/C:P/I:P/A:P

Associated Attack Patterns (CAPEC)

Total: Patterns

CVE-2005-2772 Exploits & PoCs (Proof Of Concept)

Exploit-DB https://www.exploit-db.com/exploits/1187
View Code
MODIFIED

Vulnerability data or affected products updated.

PUBLISHED

Vulnerability first announced in NVD.

Attack Vector Matrix

Access Vector N/A
Complexity N/A
Privileges N/A
Interaction NONE
CVSS Vector String AV:N/AC:L/Au:N/C:P/I:P/A:P

Affected Stack

No specific products linked.