OpenCVE

Format string vulnerability in the p_cgi_error function in python/neo_cgi.c in the Python CGI Kit (neo_cgi) module for Clearsilver 0.10.5 and earlier allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via format string specifiers that are not properly handled when creating CGI error messages using the cgi_error API function.

No CVSS v4.0

No CVSS v3.1

No CVSS v3.0

Access Vector Network

Access Complexity Low

Authentication None

Confidentiality Impact Partial

Integrity Impact Partial

Availability Impact Partial

AV:N/AC:L/Au:N/C:P/I:P/A:P

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Brandon Long	Clearsilver

Configuration 1 [-]

OR	cpe:2.3:a:brandon_long:clearsilver::::::::
	cpe:2.3:a:brandon_long:clearsilver:0.1:::::::*
	cpe:2.3:a:brandon_long:clearsilver:0.2:::::::*
	cpe:2.3:a:brandon_long:clearsilver:0.2.1:::::::*
	cpe:2.3:a:brandon_long:clearsilver:0.3:::::::*
	cpe:2.3:a:brandon_long:clearsilver:0.4:::::::*
	cpe:2.3:a:brandon_long:clearsilver:0.5:::::::*
	cpe:2.3:a:brandon_long:clearsilver:0.6:::::::*
	cpe:2.3:a:brandon_long:clearsilver:0.7:::::::*
	cpe:2.3:a:brandon_long:clearsilver:0.7.1:::::::*
	cpe:2.3:a:brandon_long:clearsilver:0.7.2:::::::*
	cpe:2.3:a:brandon_long:clearsilver:0.8.0:::::::*
	cpe:2.3:a:brandon_long:clearsilver:0.8.1:::::::*
	cpe:2.3:a:brandon_long:clearsilver:0.9.0:::::::*
	cpe:2.3:a:brandon_long:clearsilver:0.9.1:::::::*
	cpe:2.3:a:brandon_long:clearsilver:0.9.2:::::::*
	cpe:2.3:a:brandon_long:clearsilver:0.9.3:::::::*
	cpe:2.3:a:brandon_long:clearsilver:0.9.6:::::::*
	cpe:2.3:a:brandon_long:clearsilver:0.9.7:::::::*
	cpe:2.3:a:brandon_long:clearsilver:0.9.14:::::::*
	cpe:2.3:a:brandon_long:clearsilver:0.10.1:::::::*
	cpe:2.3:a:brandon_long:clearsilver:0.10.2:::::::*
	cpe:2.3:a:brandon_long:clearsilver:0.10.3:::::::*
	cpe:2.3:a:brandon_long:clearsilver:0.10.4:::::::*

No data.

References

Link	Providers
http://code.google.com/p/clearsilver/source/detail?r=919
http://osvdb.org/77419
http://secunia.com/advisories/47016
http://tech.groups.yahoo.com/group/ClearSilver/message/1422
http://www.debian.org/security/2011/dsa-2355
http://www.openwall.com/lists/oss-security/2011/11/27/1
https://exchange.xforce.ibmcloud.com/vulnerabilities/71599

History

No history.

MITRE

Status: PUBLISHED

Assigner: redhat

Published: 2011-12-10T17:00:00

Updated: 2024-08-07T00:09:18.347Z

Reserved: 2011-11-04T00:00:00

Link: CVE-2011-4357

Vulnrichment

No data.

NVD

Status : Modified

Published: 2011-12-10T17:55:01.710

Modified: 2024-11-21T01:32:18.257

Link: CVE-2011-4357

Redhat

No data.

Metrics

Access Vector Network

Access Complexity Low

Authentication None

Confidentiality Impact Partial

Integrity Impact Partial

Availability Impact Partial

Affected Vendors & Products

Metrics

Access Vector Network

Access Complexity Low

Authentication None

Confidentiality Impact Partial

Integrity Impact Partial

Availability Impact Partial

Affected Vendors & Products

JSON object

JSON object

JSON object

JSON object