6.8

CVE-2012-4426

Multiple format string vulnerabilities in mcrypt 2.6.8 and earlier might allow user-assisted remote attackers to cause a denial of service (crash) or possibly execute arbitrary code via vectors involving (1) errors.c or (2) mcrypt.c.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
McryptMcrypt Version <= 2.6.8
McryptMcrypt Version2.6.4
McryptMcrypt Version2.6.5
McryptMcrypt Version2.6.6
McryptMcrypt Version2.6.7
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 4.7% 0.906
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 6.8 8.6 6.4
AV:N/AC:M/Au:N/C:P/I:P/A:P
CWE-134 Use of Externally-Controlled Format String

The product uses a function that accepts a format string as an argument, but the format string originates from an external source.

http://www.openwall.com/lists/oss-security/2012/09/06/8
http://www.openwall.com/lists/oss-security/2012/09/06/9
http://www.openwall.com/lists/oss-security/2012/09/10/5
http://www.openwall.com/lists/oss-security/2012/09/13/22
http://www.securityfocus.com/bid/55557