CVE-2014-6262

Sažetak

Multiple format string vulnerabilities in the python module in RRDtool, as used in Zenoss Core before 4.2.5 and other products, allow remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted third argument to the rrdtool.graph function, aka ZEN-15415, a related issue to CVE-2013-2131.

Reference

https://docs.google.com/spreadsheets/d/1dHAc4PxUbs-4Dxzm1wSCE0sMz5UCMY6SW3PlMHSyuuQ/edit?usp=sharing
https://www.securityfocus.com/bid/71540
http://www.kb.cert.org/vuls/id/449452
https://github.com/oetiker/rrdtool-1.x/commit/64ed5314af1255ab6dded45f70b39cdeab5ae2ec
https://github.com/oetiker/rrdtool-1.x/pull/532
https://github.com/oetiker/rrdtool-1.x/commit/85261a013112e278c90224033f5b0592ee387786
https://lists.debian.org/debian-lts-announce/2020/03/msg00000.html
https://lists.debian.org/debian-lts-announce/2020/03/msg00003.html

CVSS

Base:	5.0
Impact:	2.9
Exploitability:	10.0

Pristup

Vektor	Složenost	Autentikacija
NETWORK	LOW	NONE

Impact

Povjerljivost	Cjelovitost	Dostupnost
NONE	NONE	PARTIAL

CVSS vektor

AV:N/AC:L/Au:N/C:N/I:N/A:P

Zadnje važnije ažuriranje

01-01-2022 - 19:51

Objavljeno

12-02-2020 - 02:15