VULHUB ™

Spider has been reported prone to a heap overflow condition when handling HOME environment variables of excessive length. The issue presents itself, because a call to calloc() may allocate an insufficient buffer, under some circumstances. An attacker may lever this condition to corrupt adjacent malloc chunk headers with attacker-supplied data contained in a malicious 'HOME' environment variable. Although unconfirmed ultimately it may be possible that a local attacker may exploit this condition to execute arbitrary instructions with GID Games privileges.

Spider has been reported prone to a heap overflow condition when handling HOME environment variables of excessive length. The issue presents itself, because a call to calloc() may allocate an insufficient buffer, under some circumstances. An attacker may lever this condition to corrupt adjacent malloc chunk headers with attacker-supplied data contained in a malicious 'HOME' environment variable. Although unconfirmed ultimately it may be possible that a local attacker may exploit this condition to execute arbitrary instructions with GID Games privileges.