4.6

CVE-2006-2409

Format string vulnerability in the raydium_log function in console.c in Raydium before SVN revision 310 allows local users to execute arbitrary code via format string specifiers in the format parameter, which are not properly handled in a call to raydium_console_line_add.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
RaydiumRaydium Versionsvn_revision_283
RaydiumRaydium Versionsvn_revision_284
RaydiumRaydium Versionsvn_revision_285
RaydiumRaydium Versionsvn_revision_286
RaydiumRaydium Versionsvn_revision_287
RaydiumRaydium Versionsvn_revision_288
RaydiumRaydium Versionsvn_revision_289
RaydiumRaydium Versionsvn_revision_290
RaydiumRaydium Versionsvn_revision_291
RaydiumRaydium Versionsvn_revision_292
RaydiumRaydium Versionsvn_revision_293
RaydiumRaydium Versionsvn_revision_294
RaydiumRaydium Versionsvn_revision_295
RaydiumRaydium Versionsvn_revision_296
RaydiumRaydium Versionsvn_revision_297
RaydiumRaydium Versionsvn_revision_298
RaydiumRaydium Versionsvn_revision_299
RaydiumRaydium Versionsvn_revision_300
RaydiumRaydium Versionsvn_revision_301
RaydiumRaydium Versionsvn_revision_302
RaydiumRaydium Versionsvn_revision_303
RaydiumRaydium Versionsvn_revision_304
RaydiumRaydium Versionsvn_revision_305
RaydiumRaydium Versionsvn_revision_306
RaydiumRaydium Versionsvn_revision_307
RaydiumRaydium Versionsvn_revision_308
RaydiumRaydium Versionsvn_revision_309
Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 0.24% 0.447
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 4.6 3.9 6.4
AV:L/AC:L/Au:N/C:P/I:P/A:P
CWE-134 Use of Externally-Controlled Format String

The product uses a function that accepts a format string as an argument, but the format string originates from an external source.