7.5
CVE-2011-4357
- EPSS 2.18%
- Veröffentlicht 10.12.2011 17:55:01
- Zuletzt bearbeitet 11.04.2025 00:51:21
- Quelle secalert@redhat.com
- CVE-Watchlists
- Unerledigt
LoginFormat string vulnerability in the p_cgi_error function in python/neo_cgi.c in the Python CGI Kit (neo_cgi) module for Clearsilver 0.10.5 and earlier allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via format string specifiers that are not properly handled when creating CGI error messages using the cgi_error API function.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
Brandon Long ≫ Clearsilver Version <= 0.10.5
Brandon Long ≫ Clearsilver Version0.1
Brandon Long ≫ Clearsilver Version0.2
Brandon Long ≫ Clearsilver Version0.2.1
Brandon Long ≫ Clearsilver Version0.3
Brandon Long ≫ Clearsilver Version0.4
Brandon Long ≫ Clearsilver Version0.5
Brandon Long ≫ Clearsilver Version0.6
Brandon Long ≫ Clearsilver Version0.7
Brandon Long ≫ Clearsilver Version0.7.1
Brandon Long ≫ Clearsilver Version0.7.2
Brandon Long ≫ Clearsilver Version0.8.0
Brandon Long ≫ Clearsilver Version0.8.1
Brandon Long ≫ Clearsilver Version0.9.0
Brandon Long ≫ Clearsilver Version0.9.1
Brandon Long ≫ Clearsilver Version0.9.2
Brandon Long ≫ Clearsilver Version0.9.3
Brandon Long ≫ Clearsilver Version0.9.6
Brandon Long ≫ Clearsilver Version0.9.7
Brandon Long ≫ Clearsilver Version0.9.14
Brandon Long ≫ Clearsilver Version0.10.1
Brandon Long ≫ Clearsilver Version0.10.2
Brandon Long ≫ Clearsilver Version0.10.3
Brandon Long ≫ Clearsilver Version0.10.4
| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 2.18% | 0.838 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| nvd@nist.gov | 7.5 | 10 | 6.4 |
AV:N/AC:L/Au:N/C:P/I:P/A:P
|
CWE-134 Use of Externally-Controlled Format String
The product uses a function that accepts a format string as an argument, but the format string originates from an external source.