CyberSec.Space Logo
Back to CVE Browser

CVE-2000-0352

CRITICAL
10.0
CVSS Severity Score
EPSS Score0.0040%
EPSS Percentile39.65th
PublishedNov 18, 1999
Last ModifiedApr 16, 2026

Vulnerability Description

Pine before version 4.21 does not properly filter shell metacharacters from URLs, which allows remote attackers to execute arbitrary commands via a malformed URL.

Affected Platforms (CPE)

πŸ“¦
University Of Washington

Pine

= 4.20
πŸ“¦
University Of Washington

Pine

= 4.21

References & Advisories

πŸ”— ftp://ftp.calderasystems.com/pub/OpenLinux/security/CSSA-1999-036.0.txt
πŸ”— http://www.novell.com/linux/security/advisories/suse_security_announce_36.html
πŸ”— http://www.securityfocus.com/bid/810
πŸ”— http://www.securityfocus.com/templates/archive.pike?list=1&msg=Pine.LNX.4.10.9911171818220.12375-100000%40ray.compu-aid.com
πŸ”— ftp://ftp.calderasystems.com/pub/OpenLinux/security/CSSA-1999-036.0.txt
πŸ”— http://www.novell.com/linux/security/advisories/suse_security_announce_36.html
πŸ”— http://www.securityfocus.com/bid/810
πŸ”— http://www.securityfocus.com/templates/archive.pike?list=1&msg=Pine.LNX.4.10.9911171818220.12375-100000%40ray.compu-aid.com

Related Vulnerabilities

CVE-2000-035310.0

Pine 4.x allows a remote attacker to execute arbitrary commands via an index.html file which executes lynx and obtains a uudecoded...

CVE-2002-23257.8

The c-client library in Internet Message Access Protocol (IMAP) dated before 2002 RC2, as used by Pine 4.20 through 4.44, allows r...

CVE-2000-08477.5

Buffer overflow in University of Washington c-client library (used by pine and other programs) allows remote attackers to execute ...

CVE-2000-09097.5

Buffer overflow in the automatic mail checking component of Pine 4.21 and earlier allows remote attackers to execute arbitrary com...