GNU Locate Old Format Locate Database Local Buffer Overflow Vulnerability

GNU Locate Old Format Locate Database Local Buffer Overflow Vulnerability

GNU locate is prone to a local heap-based buffer-overflow vulnerability because it fails to properly bounds-check user-supplied input before using it in a memory copy operation.

Exploiting this issue allows local attackers to overwrite memory with arbitrary data, potentially allowing them to execute malicious machine code in the context of the user running the affected application.

This issue affects GNU locate as found in GNU Findutils prior to 4.2.31.