CVE-2023-46316 (https://sourceforge.net/projects/traceroute/files/traceroute/traceroute-2.1.3/): In buc Traceroute 2.0.12 through 2.1.2 before 2.1.3, the wrapper scripts do not properly parse command lines. I can't find any details, but please stabilize, I guess.
The bug has been referenced in the following commit(s):

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=4602274f3122ecef3c20b4758980705b8b026feb

commit 4602274f3122ecef3c20b4758980705b8b026feb
Author: John Helmert III <ajak@gentoo.org>
AuthorDate: 2025-03-01 18:54:25 +0000
Commit: John Helmert III <ajak@gentoo.org>
CommitDate: 2025-03-01 18:54:25 +0000

    net-analyzer/traceroute: drop 2.1.1

    Bug: https://bugs.gentoo.org/917769
    Signed-off-by: John Helmert III <ajak@gentoo.org>

 net-analyzer/traceroute/Manifest | 1 -
 net-analyzer/traceroute/traceroute-2.1.1.ebuild | 31 -------------------------
 2 files changed, 32 deletions(-)
The CVE has a dead reference to Packet Storm Security with "privilege escalation" in the URL: http://packetstormsecurity.com/files/176660/Traceroute-2.1.2-Privilege-Escalation.html But it's hard to think of anything but a high complexity way to exploit command line handling for privilege escalation, so I think this is OK as a noglsa.