9.3

CVE-2008-0965

Multiple format string vulnerabilities in snoop on Sun Solaris 8 through 10 and OpenSolaris before snv_96, when the -o option is omitted, allow remote attackers to execute arbitrary code via format string specifiers in an SMB packet.

Data is provided by the National Vulnerability Database (NVD)
SunOpensolaris Editionsparc
SunOpensolaris Editionx86
SunOpensolaris Version <= build_snv_95
SunOpensolaris Versionbuild_snv_01
SunOpensolaris Versionbuild_snv_02
SunOpensolaris Versionbuild_snv_13
SunOpensolaris Versionbuild_snv_19
SunOpensolaris Versionbuild_snv_22
SunOpensolaris Versionbuild_snv_64
SunOpensolaris Versionbuild_snv_88
SunOpensolaris Versionbuild_snv_89
SunOpensolaris Versionbuild_snv_91
SunOpensolaris Versionbuild_snv_92
SunSolaris Version8 Editionsparc
SunSolaris Version8 Editionx86
SunSolaris Version9 Editionsparc
SunSolaris Version9 Editionx86
SunSolaris Version10 Editionsparc
SunSolaris Version10 Editionx86
SunSunos Version5.8
SunSunos Version5.9
SunSunos Version5.10
Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.
EPSS Metriken
Type Source Score Percentile
EPSS FIRST.org 16.33% 0.946
CVSS Metriken
Source Base Score Exploit Score Impact Score Vector string
nvd@nist.gov 9.3 8.6 10
AV:N/AC:M/Au:N/C:C/I:C/A:C
CWE-134 Use of Externally-Controlled Format String

The product uses a function that accepts a format string as an argument, but the format string originates from an external source.