PUBLISHED DATE: December 31, 1999CVE-1999-1330:
Buffer Overflow Vulnerability

Description

The snprintf function in the db library 1.85.4 ignores the size parameter, which could allow attackers to exploit buffer overflows that would be prevented by a properly implemented snprintf.

Products

• Debian GNU/Linux 4.0
• Debian Linux 4.0 Alpha Edition
• Debian Linux 4.0 AMD64 Edition
• Debian Linux 4.0 ARM Edition
• Debian Linux 4.0 HPPA Edition
• Debian Linux 4.0 IA-32 Edition
• Debian Linux 4.0 IA-64 Edition
• Debian Linux 4.0 M68K Edition
• Debian Linux 4.0 MIPS Edition
• Debian Linux 4.0 MIPSEL Edition
• Debian Linux 4.0 PowerPC Edition
• Debian Linux 4.0 S-390 Edition
• Debian Linux 4.0 Sparc Edition
• Red Hat Linux 4.2

Questions to Ask Vendors

1. Can you confirm whether your systems are affected by CVE-1999-1330, and if so, what steps are you currently taking to mitigate this vulnerability?
2. What is your estimated timeline for fully resolving CVE-1999-1330 in your products or services, and how will you communicate updates on this issue to us as your customer?

Recommended Actions

• Check out the advisory links provided below.

References

• https://nvd.nist.gov/vuln/detail/CVE-1999-1330