7.5

CVE-2011-4357

EPSS 3.06%
Veröffentlicht 10.12.2011 17:55:01
Zuletzt bearbeitet 16.06.2026 23:34:50
Quelle secalert@redhat.com
CVE-Watchlists
Login
Unerledigt
Login

Format string vulnerability in the p_cgi_error function in python/neo_cgi.c in the Python CGI Kit (neo_cgi) module for Clearsilver 0.10.5 and earlier allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via format string specifiers that are not properly handled when creating CGI error messages using the cgi_error API function.

Betroffene Produkte Warnungen 0 Metriken 2 CWE 1 Referenzen 10

NVD 24 VulnDex Vulnerability Enrichment 0

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Brandon Long ≫ Clearsilver Version <= 0.10.5

Brandon Long ≫ Clearsilver Version0.1

Brandon Long ≫ Clearsilver Version0.2

Brandon Long ≫ Clearsilver Version0.2.1

Brandon Long ≫ Clearsilver Version0.3

Brandon Long ≫ Clearsilver Version0.4

Brandon Long ≫ Clearsilver Version0.5

Brandon Long ≫ Clearsilver Version0.6

Brandon Long ≫ Clearsilver Version0.7

Brandon Long ≫ Clearsilver Version0.7.1

Brandon Long ≫ Clearsilver Version0.7.2

Brandon Long ≫ Clearsilver Version0.8.0

Brandon Long ≫ Clearsilver Version0.8.1

Brandon Long ≫ Clearsilver Version0.9.0

Brandon Long ≫ Clearsilver Version0.9.1

Brandon Long ≫ Clearsilver Version0.9.2

Brandon Long ≫ Clearsilver Version0.9.3

Brandon Long ≫ Clearsilver Version0.9.6

Brandon Long ≫ Clearsilver Version0.9.7

Brandon Long ≫ Clearsilver Version0.9.14

Brandon Long ≫ Clearsilver Version0.10.1

Brandon Long ≫ Clearsilver Version0.10.2

Brandon Long ≫ Clearsilver Version0.10.3

Brandon Long ≫ Clearsilver Version0.10.4

Zu dieser CVE wurde keine Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	3.06%	0.859

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
nvd@nist.gov	7.5	10	6.4	AV:N/AC:L/Au:N/C:P/I:P/A:P

CWE-134 Use of Externally-Controlled Format String

The product uses a function that accepts a format string as an argument, but the format string originates from an external source.

http://code.google.com/p/clearsilver/source/detail?r=919

http://osvdb.org/77419

http://secunia.com/advisories/47016

Vendor Advisory

http://tech.groups.yahoo.com/group/ClearSilver/message/1422

http://www.debian.org/security/2011/dsa-2355

http://www.openwall.com/lists/oss-security/2011/11/27/1

https://exchange.xforce.ibmcloud.com/vulnerabilities/71599

https://nvd.nist.gov/vuln/detail/CVE-2011-4357

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2011-4357

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2011-4357

EUVD