CVE-2011-4357

Format string vulnerability in the p_cgi_error function in python/neo_cgi.c in the Python CGI Kit (neo_cgi) module for Clearsilver 0.10.5 and earlier allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via format string specifiers that are not properly handled when creating CGI error messages using the cgi_error API function.

CVSS v2.0 7.5 HIGH

7.5^/10

CVSS v2.0 : HIGH

V2 Legend

Vector : AV:N/AC:L/Au:N/C:P/I:P/A:P

Exploitability : 10.0 / Impact : 6.4

Access Vector NETWORK

Access Complexity LOW

Authentication NONE

Confidentiality Impact PARTIAL

Integrity Impact PARTIAL

Availability Impact PARTIAL

References

Link	Resource
http://code.google.com/p/clearsilver/source/detail?r=919
http://osvdb.org/77419
http://secunia.com/advisories/47016	Vendor Advisory
http://tech.groups.yahoo.com/group/ClearSilver/message/1422
http://www.debian.org/security/2011/dsa-2355
http://www.openwall.com/lists/oss-security/2011/11/27/1
https://exchange.xforce.ibmcloud.com/vulnerabilities/71599
http://code.google.com/p/clearsilver/source/detail?r=919
http://osvdb.org/77419
http://secunia.com/advisories/47016	Vendor Advisory
http://tech.groups.yahoo.com/group/ClearSilver/message/1422
http://www.debian.org/security/2011/dsa-2355
http://www.openwall.com/lists/oss-security/2011/11/27/1
https://exchange.xforce.ibmcloud.com/vulnerabilities/71599

Configurations

Configuration 1 (hide)

OR	cpe:2.3:a:brandon_long:clearsilver::::::::
	cpe:2.3:a:brandon_long:clearsilver:0.1:::::::*
	cpe:2.3:a:brandon_long:clearsilver:0.2:::::::*
	cpe:2.3:a:brandon_long:clearsilver:0.2.1:::::::*
	cpe:2.3:a:brandon_long:clearsilver:0.3:::::::*
	cpe:2.3:a:brandon_long:clearsilver:0.4:::::::*
	cpe:2.3:a:brandon_long:clearsilver:0.5:::::::*
	cpe:2.3:a:brandon_long:clearsilver:0.6:::::::*
	cpe:2.3:a:brandon_long:clearsilver:0.7:::::::*
	cpe:2.3:a:brandon_long:clearsilver:0.7.1:::::::*
	cpe:2.3:a:brandon_long:clearsilver:0.7.2:::::::*
	cpe:2.3:a:brandon_long:clearsilver:0.8.0:::::::*
	cpe:2.3:a:brandon_long:clearsilver:0.8.1:::::::*
	cpe:2.3:a:brandon_long:clearsilver:0.9.0:::::::*
	cpe:2.3:a:brandon_long:clearsilver:0.9.1:::::::*
	cpe:2.3:a:brandon_long:clearsilver:0.9.2:::::::*
	cpe:2.3:a:brandon_long:clearsilver:0.9.3:::::::*
	cpe:2.3:a:brandon_long:clearsilver:0.9.6:::::::*
	cpe:2.3:a:brandon_long:clearsilver:0.9.7:::::::*
	cpe:2.3:a:brandon_long:clearsilver:0.9.14:::::::*
	cpe:2.3:a:brandon_long:clearsilver:0.10.1:::::::*
	cpe:2.3:a:brandon_long:clearsilver:0.10.2:::::::*
	cpe:2.3:a:brandon_long:clearsilver:0.10.3:::::::*
	cpe:2.3:a:brandon_long:clearsilver:0.10.4:::::::*

History

21 Nov 2024, 01:32

Type	Values Removed	Values Added
References	~~() http://code.google.com/p/clearsilver/source/detail?r=919 -~~	() http://code.google.com/p/clearsilver/source/detail?r=919 -
References	~~() http://osvdb.org/77419 -~~	() http://osvdb.org/77419 -
References	~~() http://secunia.com/advisories/47016 - Vendor Advisory~~	() http://secunia.com/advisories/47016 - Vendor Advisory
References	~~() http://tech.groups.yahoo.com/group/ClearSilver/message/1422 -~~	() http://tech.groups.yahoo.com/group/ClearSilver/message/1422 -
References	~~() http://www.debian.org/security/2011/dsa-2355 -~~	() http://www.debian.org/security/2011/dsa-2355 -
References	~~() http://www.openwall.com/lists/oss-security/2011/11/27/1 -~~	() http://www.openwall.com/lists/oss-security/2011/11/27/1 -
References	~~() https://exchange.xforce.ibmcloud.com/vulnerabilities/71599 -~~	() https://exchange.xforce.ibmcloud.com/vulnerabilities/71599 -

Information

Published : 2011-12-10 17:55

Updated : 2024-11-21 01:32

NVD link : CVE-2011-4357

Mitre link : CVE-2011-4357

CVE.ORG link : CVE-2011-4357

JSON object : View

Products Affected

brandon_long

clearsilver

CWE

CWE-134

Use of Externally-Controlled Format String

7.5 /10