Published: 04/01/2015 Updated: 19/05/2015

CVSS v2 Base Score: 5 | Impact Score: 2.9 | Exploitability Score: 10

VMScore: 505

Vector: AV:N/AC:L/Au:N/C:N/I:N/A:P

Format string vulnerability in the rrdtool module 1.4.7 for Python, as used in Zenoss, allows context-dependent malicious users to cause a denial of service (crash) via format string specifiers to the rrdtool.graph function.

Vulnerable Product	Search on Vulmon	Subscribe to Product
rrdtool project rrdtool 1.4.7

Debian Bug report logs - #708866 python-rrdtool: CVE-2013-2131: format string vulnerability Package: python-rrdtool; Maintainer for python-rrdtool is Debian RRDtool Team <pkg-rrdtool-maint@listsaliothdebianorg>; Source for python-rrdtool is src:rrdtool (PTS, buildd, popcon) Reported by: Henri Salo <henri@nervfi> ...

Format string vulnerability in the rrdtool module 147 for Python, as used in Zenoss, allows context-dependent attackers to cause a denial of service (crash) via format string specifiers to the rrdtoolgraph function ...

/* source: wwwsecurityfocuscom/bid/60004/info The RRDtool module for Python is prone to a format-string vulnerability because it fails to properly sanitize user-supplied input An attacker may exploit this issue to execute arbitrary code within the context of the affected application or to crash the application RRDtool 147 is affecte ...

CWE-134 http://www.openwall.com/lists/oss-security/2013/04/18/5 https://github.com/oetiker/rrdtool-1.x/issues/396 https://bugzilla.redhat.com/show_bug.cgi?id=969296 http://www.openwall.com/lists/oss-security/2013/05/31/2 http://www.openwall.com/lists/oss-security/2013/05/19/5 https://github.com/oetiker/rrdtool-1.x/pull/397 https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=708866 https://nvd.nist.gov https://www.exploit-db.com/exploits/38521/https://access.redhat.com/security/cve/cve-2013-2131

CVE-2013-2131

Vulnerability Summary

Vulnerability Trend

Vendor Advisories

Exploits

References

Vulmon Search

About

Products

Connect