CVE-2000-0844

Exp

Some functions that implement the locale subsystem on Unix do not properly cleanse user-injected format strings, which allows local attackers to execute arbitrary commands via functions such as gettext and catopen.

Published: 2000-11-14 Last update: 2026-04-16 Assigner: [email protected] Source: [email protected]
NVD Status:ModifiedCVE State: published
View at NVD, CVE.org, EUVD

CVE-2000-0844 is rated High Exploit Risk (81/100): CVSS Critical severity, with medium exploitation likelihood (EPSS 0.81%). 13 public exploit reference(s) are indexed (Exploit-DB). Public exploits are available—assess exposure, apply mitigations, and prioritize patching.

Risk is dynamic; we continuously reassess and refresh what is shown on this page as upstream context changes.

Public exploit references (Exploit-DB) for CVE-2000-0844

EDB-ID Source Kind Published Link
249 exploit_db edb 2003-01-15 Exploit-DB ↗
215 exploit_db edb 2000-12-02 Exploit-DB ↗
210 exploit_db edb 2000-11-30 Exploit-DB ↗
209 exploit_db edb 2000-11-30 Exploit-DB ↗
197 exploit_db edb 2000-11-20 Exploit-DB ↗
20186 exploit_db edb 2000-11-02 Exploit-DB ↗
20188 exploit_db edb 2000-09-08 Exploit-DB ↗
20185 exploit_db edb 2000-09-06 Exploit-DB ↗
20190 exploit_db edb 2000-09-04 Exploit-DB ↗
20189 exploit_db edb 2000-09-04 Exploit-DB ↗
20187 exploit_db edb 2000-09-04 Exploit-DB ↗
nvd_ref exploit_tag Exploit-DB ↗
nvd_ref exploit_tag Exploit-DB ↗

Exploit prediction scoring system (EPSS) score for CVE-2000-0844

EPSS lead: Daily EPSS estimates relative likelihood of exploitation; percentile ranks this CVE among scored vulnerabilities (higher = more severe relative rank).

# Date Old EPSS score New EPSS score Delta (New - Old)
1 2026-05-07 0.89% 0.81% -0.08%
2 2025-03-30 1.45% 0.89% -0.56%
3 2025-03-29 1.45%

Full EPSS history (8 records total)

Common vulnerability scoring system (CVSS) metrics for CVE-2000-0844

CVSS metrics for this CVE.

Base score Version Severity Vector Exploitability Impact Score source
10.0 2.0 HIGH
AV:N/AC:L/Au:N/C:C/I:C/A:C Click to expand
Access vector (AV:N)
Can be exploited remotely over network reachability.
Access complexity (AC:L)
Exploitation conditions are straightforward and predictable.
Authentication (AU:N)
No authentication is required.
Confidentiality impact (C:C)
Complete confidentiality impact.
Integrity impact (I:C)
Complete integrity impact.
Availability impact (A:C)
Complete availability impact.
 10.0 10.0 [email protected]

Weakness enumeration for CVE-2000-0844

OS Trackers for CVE-2000-0844

vendor priority summary link
redhat https://access.redhat.com/security/cve/CVE-2000-0844

Affected software / configurations for CVE-2000-0844

Vendor Product Version Raw CPE
caldera openlinux_ebuilder 3.0 cpe:2.3:a:caldera:openlinux_ebuilder:3.0:*:*:*:*:*:*:*
immunix immunix 6.2 cpe:2.3:a:immunix:immunix:6.2:*:*:*:*:*:*:*
conectiva linux 4.0 cpe:2.3:o:conectiva:linux:4.0:*:*:*:*:*:*:*
conectiva linux 4.0es cpe:2.3:o:conectiva:linux:4.0es:*:*:*:*:*:*:*
conectiva linux 4.1 cpe:2.3:o:conectiva:linux:4.1:*:*:*:*:*:*:*
conectiva linux 4.2 cpe:2.3:o:conectiva:linux:4.2:*:*:*:*:*:*:*
conectiva linux 5.0 cpe:2.3:o:conectiva:linux:5.0:*:*:*:*:*:*:*
conectiva linux 5.1 cpe:2.3:o:conectiva:linux:5.1:*:*:*:*:*:*:*
sgi irix 6.2 cpe:2.3:o:sgi:irix:6.2:*:*:*:*:*:*:*
sgi irix 6.3 cpe:2.3:o:sgi:irix:6.3:*:*:*:*:*:*:*
sgi irix 6.4 cpe:2.3:o:sgi:irix:6.4:*:*:*:*:*:*:*
sgi irix 6.5 cpe:2.3:o:sgi:irix:6.5:*:*:*:*:*:*:*
sgi irix 6.5.1 cpe:2.3:o:sgi:irix:6.5.1:*:*:*:*:*:*:*
sgi irix 6.5.2m cpe:2.3:o:sgi:irix:6.5.2m:*:*:*:*:*:*:*
sgi irix 6.5.3 cpe:2.3:o:sgi:irix:6.5.3:*:*:*:*:*:*:*
sgi irix 6.5.3f cpe:2.3:o:sgi:irix:6.5.3f:*:*:*:*:*:*:*
sgi irix 6.5.3m cpe:2.3:o:sgi:irix:6.5.3m:*:*:*:*:*:*:*
sgi irix 6.5.4 cpe:2.3:o:sgi:irix:6.5.4:*:*:*:*:*:*:*
sgi irix 6.5.6 cpe:2.3:o:sgi:irix:6.5.6:*:*:*:*:*:*:*
sgi irix 6.5.7 cpe:2.3:o:sgi:irix:6.5.7:*:*:*:*:*:*:*
sgi irix 6.5.8 cpe:2.3:o:sgi:irix:6.5.8:*:*:*:*:*:*:*
caldera openlinux cpe:2.3:o:caldera:openlinux:*:*:*:*:*:*:*:*
caldera openlinux_eserver 2.3 cpe:2.3:o:caldera:openlinux_eserver:2.3:*:*:*:*:*:*:*
debian debian_linux 2.0 cpe:2.3:o:debian:debian_linux:2.0:*:*:*:*:*:*:*
debian debian_linux 2.1 cpe:2.3:o:debian:debian_linux:2.1:*:*:*:*:*:*:*
debian debian_linux 2.2 cpe:2.3:o:debian:debian_linux:2.2:*:*:*:*:*:*:*
debian debian_linux 2.3 cpe:2.3:o:debian:debian_linux:2.3:*:*:*:*:*:*:*
ibm aix 3.2 cpe:2.3:o:ibm:aix:3.2:*:*:*:*:*:*:*
ibm aix 3.2.4 cpe:2.3:o:ibm:aix:3.2.4:*:*:*:*:*:*:*
ibm aix 3.2.5 cpe:2.3:o:ibm:aix:3.2.5:*:*:*:*:*:*:*
ibm aix 4.0 cpe:2.3:o:ibm:aix:4.0:*:*:*:*:*:*:*
ibm aix 4.1 cpe:2.3:o:ibm:aix:4.1:*:*:*:*:*:*:*
ibm aix 4.1.1 cpe:2.3:o:ibm:aix:4.1.1:*:*:*:*:*:*:*
ibm aix 4.1.2 cpe:2.3:o:ibm:aix:4.1.2:*:*:*:*:*:*:*
ibm aix 4.1.3 cpe:2.3:o:ibm:aix:4.1.3:*:*:*:*:*:*:*
ibm aix 4.1.4 cpe:2.3:o:ibm:aix:4.1.4:*:*:*:*:*:*:*
ibm aix 4.1.5 cpe:2.3:o:ibm:aix:4.1.5:*:*:*:*:*:*:*
ibm aix 4.2 cpe:2.3:o:ibm:aix:4.2:*:*:*:*:*:*:*
ibm aix 4.2.1 cpe:2.3:o:ibm:aix:4.2.1:*:*:*:*:*:*:*
ibm aix 4.3 cpe:2.3:o:ibm:aix:4.3:*:*:*:*:*:*:*
ibm aix 4.3.1 cpe:2.3:o:ibm:aix:4.3.1:*:*:*:*:*:*:*
ibm aix 4.3.2 cpe:2.3:o:ibm:aix:4.3.2:*:*:*:*:*:*:*
mandrakesoft mandrake_linux 7.0 cpe:2.3:o:mandrakesoft:mandrake_linux:7.0:*:*:*:*:*:*:*
mandrakesoft mandrake_linux 7.1 cpe:2.3:o:mandrakesoft:mandrake_linux:7.1:*:*:*:*:*:*:*
redhat linux 5.0 cpe:2.3:o:redhat:linux:5.0:*:*:*:*:*:*:*
redhat linux 5.1 cpe:2.3:o:redhat:linux:5.1:*:*:*:*:*:*:*
redhat linux 5.2 cpe:2.3:o:redhat:linux:5.2:*:*:*:*:*:*:*
redhat linux 6.0 cpe:2.3:o:redhat:linux:6.0:*:*:*:*:*:*:*
redhat linux 6.1 cpe:2.3:o:redhat:linux:6.1:*:*:*:*:*:*:*
redhat linux 6.2 cpe:2.3:o:redhat:linux:6.2:*:*:*:*:*:*:*
slackware slackware_linux 7.0 cpe:2.3:o:slackware:slackware_linux:7.0:*:*:*:*:*:*:*
slackware slackware_linux 7.1 cpe:2.3:o:slackware:slackware_linux:7.1:*:*:*:*:*:*:*
sun solaris 2.6 cpe:2.3:o:sun:solaris:2.6:*:*:*:*:*:*:*
sun sunos 5.0 cpe:2.3:o:sun:sunos:5.0:*:*:*:*:*:*:*
sun sunos 5.1 cpe:2.3:o:sun:sunos:5.1:*:*:*:*:*:*:*
sun sunos 5.2 cpe:2.3:o:sun:sunos:5.2:*:*:*:*:*:*:*
sun sunos 5.3 cpe:2.3:o:sun:sunos:5.3:*:*:*:*:*:*:*
sun sunos 5.4 cpe:2.3:o:sun:sunos:5.4:*:*:*:*:*:*:*
sun sunos 5.5 cpe:2.3:o:sun:sunos:5.5:*:*:*:*:*:*:*
sun sunos 5.5.1 cpe:2.3:o:sun:sunos:5.5.1:*:*:*:*:*:*:*
sun sunos 5.7 cpe:2.3:o:sun:sunos:5.7:*:*:*:*:*:*:*
sun sunos 5.8 cpe:2.3:o:sun:sunos:5.8:*:*:*:*:*:*:*
suse suse_linux 6.1 cpe:2.3:o:suse:suse_linux:6.1:*:*:*:*:*:*:*
suse suse_linux 6.2 cpe:2.3:o:suse:suse_linux:6.2:*:*:*:*:*:*:*
suse suse_linux 6.3 cpe:2.3:o:suse:suse_linux:6.3:*:*:*:*:*:*:*
suse suse_linux 6.4 cpe:2.3:o:suse:suse_linux:6.4:*:*:*:*:*:*:*
suse suse_linux 7.0 cpe:2.3:o:suse:suse_linux:7.0:*:*:*:*:*:*:*
trustix secure_linux 1.0 cpe:2.3:o:trustix:secure_linux:1.0:*:*:*:*:*:*:*
trustix secure_linux 1.1 cpe:2.3:o:trustix:secure_linux:1.1:*:*:*:*:*:*:*
turbolinux turbolinux 6.0 cpe:2.3:o:turbolinux:turbolinux:6.0:*:*:*:*:*:*:*
turbolinux turbolinux 6.0.1 cpe:2.3:o:turbolinux:turbolinux:6.0.1:*:*:*:*:*:*:*
turbolinux turbolinux 6.0.2 cpe:2.3:o:turbolinux:turbolinux:6.0.2:*:*:*:*:*:*:*
turbolinux turbolinux 6.0.3 cpe:2.3:o:turbolinux:turbolinux:6.0.3:*:*:*:*:*:*:*
turbolinux turbolinux 6.0.4 cpe:2.3:o:turbolinux:turbolinux:6.0.4:*:*:*:*:*:*:*

References for CVE-2000-0844

URL Tags
ftp://patches.sgi.com/support/free/security/advisories/20000901-01-P
http://archives.neohapsis.com/archives/bugtraq/2000-08/0436.html
http://archives.neohapsis.com/archives/bugtraq/2000-08/0457.html Exploit Patch Vendor Advisory
http://archives.neohapsis.com/archives/bugtraq/2000-10/0427.html
http://archives.neohapsis.com/archives/tru64/2000-q4/0000.html
http://www.calderasystems.com/support/security/advisories/CSSA-2000-030.0.txt
http://www.debian.org/security/2000/20000902
http://www.novell.com/linux/security/advisories/adv5_draht_glibc_txt.html
http://www.redhat.com/support/errata/RHSA-2000-057.html
http://www.securityfocus.com/bid/1634 Exploit Patch Vendor Advisory
http://www.turbolinux.com/pipermail/tl-security-announce/2000-September/000020.html
https://exchange.xforce.ibmcloud.com/vulnerabilities/5176
cvelogic Threat Intelligence