5
CVE-2013-2131
- EPSS 10.91%
- Veröffentlicht 04.01.2015 21:59:00
- Zuletzt bearbeitet 06.05.2026 22:30:45
- CVE-Watchlists
- Unerledigt
Format string vulnerability in the rrdtool module 1.4.7 for Python, as used in Zenoss, allows context-dependent attackers to cause a denial of service (crash) via format string specifiers to the rrdtool.graph function.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
Rrdtool Project ≫ Rrdtool Version1.4.7 SwPlatformpython
| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 10.91% | 0.953 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| nvd@nist.gov | 5 | 10 | 2.9 |
AV:N/AC:L/Au:N/C:N/I:N/A:P
|
CWE-134 Use of Externally-Controlled Format String
The product uses a function that accepts a format string as an argument, but the format string originates from an external source.
http://www.openwall.com/lists/oss-security/2013/04/18/5
http://www.openwall.com/lists/oss-security/2013/05/19/5
http://www.openwall.com/lists/oss-security/2013/05/31/2
https://bugzilla.redhat.com/show_bug.cgi?id=969296
https://github.com/oetiker/rrdtool-1.x/issues/396
https://github.com/oetiker/rrdtool-1.x/pull/397