Back
CVE-2000-0994
Format string vulnerability in OpenBSD fstat program (and possibly other BSD-based operating systems) allows local users to gain root privileges via the PWD environmental variable.
Published: Dec 19, 2000
Modified: Apr 16, 2026
CVSS Metrics
Affected Products (5)
| Vendor | Product | Version |
|---|---|---|
| openbsd | openbsd | 2.3 |
| openbsd | openbsd | 2.4 |
| openbsd | openbsd | 2.5 |
| openbsd | openbsd | 2.6 |
| openbsd | openbsd | 2.7 |
GitHub Security Advisory GHSA-6xrp-2jm3-h54w
Format string vulnerability in OpenBSD fstat program (and possibly other BSD-based operating...
References (8)
- ftp://ftp.openbsd.org/pub/OpenBSD/patches/2.7/common/028_format_strings.patch Patch
- http://marc.info/?l=bugtraq&m=97068555106135&w=2
- http://www.securityfocus.com/bid/1746 Exploit, Vendor Advisory
- https://exchange.xforce.ibmcloud.com/vulnerabilities/5338
- ftp://ftp.openbsd.org/pub/OpenBSD/patches/2.7/common/028_format_strings.patch Patch
- http://marc.info/?l=bugtraq&m=97068555106135&w=2
- http://www.securityfocus.com/bid/1746 Exploit, Vendor Advisory
- https://exchange.xforce.ibmcloud.com/vulnerabilities/5338
Risk Scores
CVSS Score
7.2 / 10
EPSS Score
0.42%
Top 38% most likely to be exploited
Threat Score
28.9 / 100
Data Sources
NVD
EPSS
GitHub