CVE-2017-1000203
- Source
- https://nvd.nist.gov/vuln/detail/CVE-2017-1000203
- Import Source
- https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2017-1000203.json
- JSON Data
- https://api.osv.dev/v1/vulns/CVE-2017-1000203
- Downstream
- Published
- 2017-11-17T15:29:00Z
- Modified
- 2025-10-21T04:07:12.715250Z
- Severity
-
- 8.8 (High) CVSS_V3 - CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H CVSS Calculator
- Summary
- [none]
- Details
-
ROOT version 6.9.03 and below is vulnerable to an authenticated shell metacharacter injection in the rootd daemon resulting in remote code execution
- References
Affected packages
Git / github.com/root-project/root
Affected ranges
- Type
- GIT
- Repo
- https://github.com/root-project/root
- Events
-
Introduced0 Unknown introduced commit / All previous commits are affectedFixed
Affected versions
Other
v5-99-03
v5-99-03-01
v5-99-03-02
v5-99-04
v5-99-05
v5-99-05-lhcb
v5-99-06
v6-00-00
v6-00-01
v6-01-03-CMS
v6-03-01-GEANT
v6-03-02
v6-03-04
v6-05-01
v6-05-02
v6-06-00-rc1
v6-07-01-ROOTaaS-1
v6-07-01-SMC
v6-07-02
v6-07-04
v6-07-06
v6-07-07-aliceml
v6-09-01
v6-09-02
Database specific
vanir_signatures
[
{
"source": "https://github.com/root-project/root/commit/88ccff152604e0f1012653a596d802ff7ede3145",
"target": {
"file": "net/rootd/src/rootd.cxx"
},
"deprecated": false,
"signature_version": "v1",
"id": "CVE-2017-1000203-2736e482",
"digest": {
"threshold": 0.9,
"line_hashes": [
"112753023390437046066680255894344038196",
"123517156889010714442384431770975206213",
"316444519080085037349782694753551987357",
"99093815412990079240702988467731680345",
"202818685289113151301455601335222845516",
"45564071615389063306530758253293505781",
"106043677250349546284345886655789412387",
"216580443221234638991361469579667427538",
"134412089892240625321618619413959954575",
"281007198327056708694369896553099641329",
"185962183112875217976978270617551524244",
"339924836535862577711667645239577510977",
"110084261224743742200629177155239205299",
"324009938050523312682388147983875585878",
"231636937828318955103526499952062922963",
"33459720310027446885026851630970123173",
"56683513029537715666673514504629674426",
"115381627506399952039611653178989822379",
"86020575512380833068849907091825749364",
"307648116939469869973742567850133921666",
"219945959980363813896675708453239637607",
"303901509278582510284215863623384858555",
"158047661268940066323867726847513633735",
"72976143901312775607729514441720552047",
"70775874039680259571162346915121337197",
"225584236103231754011084166541253116676",
"100922061659222136719594649956879290880",
"288850413661772075685715919060719766367",
"98169883291735485382111839410171923366",
"52924782885705114316567733726903285730",
"55675883973581524339662677944904579521",
"181563457620331410824485064497192167399",
"180197842868448626578640926002815727726",
"2765484493273865015285824152053262473",
"160610574935288005355579457149305971505",
"162270327565993380573405142810501620527",
"70007776433875758597923031275220715646",
"255618159532986291687774512489754334329",
"80965336328161819311447904291333075595",
"41224680307054186787987627257177511419",
"320121713036123163252532015636439111878",
"134590569041454291692296671813123903983",
"107944684708972575727944962796974179088",
"263942219941744514654057652285357765905",
"243121496701498707295568671820033839648",
"116615655696998485008977315936990093323",
"62639376307337962544579716271568128698",
"225556828926182832133132209119482477400",
"165003015741312680310387913810974896290",
"36066159252398843538500749807430620078",
"301333998832435912781535119339794965316",
"28269054716495731367265790651148266773",
"291673312580007308947693858185591999084",
"129670893985192603159624452774660968253",
"151964357557639302019744657912646911590",
"121757222430576452824634487216314630803",
"104379560390618016983286509338657484327",
"247097512253544022077169055387558657970",
"15714710988157363461761623186516069323",
"300821520990157970512367894808099727089",
"70184531578177693922528676928601531211",
"273454785728586583737859777090487396807",
"211224932529602829192173956870556600885",
"310772128750058862171876705087523246627",
"104154434686378432063864787242503033331",
"339855587731940272513500773794509192636",
"113788488836915161422153569599069093918",
"236008318659829831235326782589757587689",
"4784015926381732585071848264033975824",
"12156001560741619506851390858831396070",
"145593847246462578666687922795146421846",
"309850584636941694475302670793655137515",
"107222694161766417860077166476588736073",
"6926204206266658473475360331285094780",
"154924526926421383751932498116844474841",
"285294501526729698953075627659094625375",
"81198982305453458634991868954012477091",
"89162472561366542698066725936851827582",
"153519733002584630652622627453281608824",
"17775631045531039315537459832739560375",
"196961466819168363487964231666808190054",
"291636275074047172633574870226626830703",
"109776333268042549044925964133746605837",
"143108012570852904972787608972482361795",
"34188040184926727952430822167425886659",
"299611116597531704112681972313799712834",
"245364550258958990473126234918026981578",
"211416308056142327703101286156156981410",
"322040977545311111268855558642934136398",
"41409893408051260314970180125422032533"
]
},
"signature_type": "Line"
},
{
"source": "https://github.com/root-project/root/commit/88ccff152604e0f1012653a596d802ff7ede3145",
"target": {
"function": "EscChar",
"file": "net/rootd/src/rootd.cxx"
},
"deprecated": false,
"signature_version": "v1",
"id": "CVE-2017-1000203-65f5cbf5",
"digest": {
"length": 428.0,
"function_hash": "206517645880636505625366685285519061412"
},
"signature_type": "Function"
},
{
"source": "https://github.com/root-project/root/commit/88ccff152604e0f1012653a596d802ff7ede3145",
"target": {
"function": "RootdExpandPathName",
"file": "net/rootd/src/rootd.cxx"
},
"deprecated": false,
"signature_version": "v1",
"id": "CVE-2017-1000203-b4cfee45",
"digest": {
"length": 1779.0,
"function_hash": "54949823848819537940751754714504015652"
},
"signature_type": "Function"
}
]