8.1
CVE-2015-10088
- EPSS 0.72%
- Veröffentlicht 05.03.2023 05:15:09
- Zuletzt bearbeitet 21.11.2024 02:24:21
- Quelle cna@vuldb.com
- CVE-Watchlists
- Unerledigt
Loginayttm proxy.c http_connect format string
A vulnerability, which was classified as critical, was found in ayttm up to 0.5.0.89. This affects the function http_connect in the library libproxy/proxy.c. The manipulation leads to format string. It is possible to initiate the attack remotely. The complexity of an attack is rather high. The exploitability is told to be difficult. The patch is named 40e04680018614a7d2b68566b261b061a0597046. It is recommended to apply a patch to fix this issue. The associated identifier of this vulnerability is VDB-222267.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
Ayttm Project ≫ Ayttm Version <= 0.5.0-89
| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 0.72% | 0.491 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| nvd@nist.gov | 8.1 | 2.2 | 5.9 |
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
|
| cna@vuldb.com | 5 | 1.6 | 3.4 |
CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:L/I:L/A:L
|
| cna@vuldb.com | 4.6 | 3.9 | 6.4 |
AV:N/AC:H/Au:S/C:P/I:P/A:P
|
CWE-134 Use of Externally-Controlled Format String
The product uses a function that accepts a format string as an argument, but the format string originates from an external source.
https://github.com/ayttm/ayttm/commit/40e04680018614a7d2b68566b261b061a0597046
https://sourceforge.net/p/ayttm/mailman/message/34397158/
https://vuldb.com/?ctiid.222267
https://vuldb.com/?id.222267