libdb is an implementation of the Berkeley DB software package. It is distributed by Sleepycat Software and included with many operating systems. A problem in the package has been identified that may allow users to gain elevated privileges. The problem is an insecure wrapper implementation of a function intended for secure programming: the snprintf implementation used with libdb is a wrapper that passes its data to sprintf without size restrictions, so the size limit the caller supplies is not enforced. An attacker may be able to exploit a program that uses this version of snprintf to execute code, potentially gaining elevated privileges or administrative access.
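The wrapper pattern described above, next to a bounded form and a canary check that tells the two apart, as an added example (this is not libdb's source code). The function names `unsafe_snprintf`, `bounded_snprintf`, `was_truncated` and `honours_size` are hypothetical, and the input string is constructed.

```c
#include <stdarg.h>
#include <stdio.h>
#include <string.h>

typedef int (*snprintf_fn)(char *, size_t, const char *, ...);

/* Illustrative flawed wrapper: accepts a size but never uses it. */
int unsafe_snprintf(char *buf, size_t size, const char *fmt, ...)
{
    va_list ap;
    (void)size;                      /* caller's limit is silently dropped */
    va_start(ap, fmt);
    int n = vsprintf(buf, fmt, ap);  /* write length depends only on input */
    va_end(ap);
    return n;
}

/* Bounded form: vsnprintf writes at most size bytes including the NUL. */
int bounded_snprintf(char *buf, size_t size, const char *fmt, ...)
{
    va_list ap;
    va_start(ap, fmt);
    int n = vsnprintf(buf, size, fmt, ap);
    va_end(ap);
    return n;
}

/* A return value >= size means the output did not fit and was cut short. */
int was_truncated(int ret, size_t size)
{
    return ret < 0 || (size_t)ret >= size;
}

/* Canary check: claim a limit of 8 inside a 64-byte buffer (so even the flawed
 * wrapper stays in bounds) and test whether bytes past the limit were touched. */
int honours_size(snprintf_fn fn)
{
    char backing[64];
    memset(backing, 'X', sizeof backing);
    fn(backing, 8, "%s", "0123456789abcdefghij");  /* constructed input */
    for (size_t i = 8; i < sizeof backing; i++)
        if (backing[i] != 'X') return 0;           /* wrote past the limit */
    return backing[7] == '\0';                     /* terminated in bounds */
}

int main(void)
{
    return honours_size(bounded_snprintf) && !honours_size(unsafe_snprintf) ? 0 : 1;
}
```

A check like `honours_size` can be run against whatever `snprintf` a build actually links, since a wrapper of this kind compiles and behaves normally until the output exceeds the buffer.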