FreeBSD VuXML: Documenting security issues in FreeBSD and the FreeBSD Ports Collection

global -- gozilla vulnerability

Affected packages
4.8.6 <= global < 6.6.1

Details

VuXML ID 48cca164-e269-11e7-be51-6599c735afc8
Discovery 2017-12-11
Entry 2017-12-16

MITRE reports:

gozilla.c in GNU GLOBAL 4.8.6 does not validate strings before launching the program specified by the BROWSER environment variable, which might allow remote attackers to conduct argument-injection attacks via a crafted URL.

References

CVE Name CVE-2017-17531
URL http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-17531
URL http://lists.gnu.org/archive/html/info-global/2017-12/msg00001.html