CVE-2014-6262 Information
Description
Multiple format string vulnerabilities in the Python module in RRDtool, as used in Zenoss Core before 4.2.5 and other products, allow remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted third argument to the rrdtool.graph function, aka ZEN-15415, a related issue to CVE-2013-2131.
CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Reference
http://www.kb.cert.org/vuls/id/449452
https://docs.google.com/spreadsheets/d/1dHAc4PxUbs-4Dxzm1wSCE0sMz5UCMY6SW3PlMHSyuuQ/edit?usp=sharing
https://github.com/oetiker/rrdtool-1.x/commit/64ed5314af1255ab6dded45f70b39cdeab5ae2ec
https://github.com/oetiker/rrdtool-1.x/commit/85261a013112e278c90224033f5b0592ee387786
https://github.com/oetiker/rrdtool-1.x/pull/532
https://lists.debian.org/debian-lts-announce/2020/03/msg00000.html
https://lists.debian.org/debian-lts-announce/2020/03/msg00003.html
https://www.securityfocus.com/bid/71540
Attack Complexity
LOW
Privileges Required
NONE
User Interaction Required
NONE
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
HIGH
Base Score
7.5
Base Severity
HIGH