CVE-2014-6262
Severity CVSS v4.0:
Pending analysis
Type:
CWE-134
Format String Vulnerability
Publication date:
12/02/2020
Last modified:
01/01/2022
Description
Multiple format string vulnerabilities in the python module in RRDtool, as used in Zenoss Core before 4.2.5 and other products, allow remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted third argument to the rrdtool.graph function, aka ZEN-15415, a related issue to CVE-2013-2131.
Impact
Base Score 3.x
7.50
Severity 3.x
HIGH
Base Score 2.0
5.00
Severity 2.0
MEDIUM
Vulnerable products and versions
| CPE | From | Up to |
|---|---|---|
| cpe:2.3:a:zenoss:zenoss_core:*:*:*:*:*:*:*:* | 4.2.5 (excluding) | |
| cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:* |
To consult the complete list of CPE names with products and versions, see this page
References to Advisories, Solutions, and Tools
- http://www.kb.cert.org/vuls/id/449452
- https://docs.google.com/spreadsheets/d/1dHAc4PxUbs-4Dxzm1wSCE0sMz5UCMY6SW3PlMHSyuuQ/edit?usp=sharing
- https://github.com/oetiker/rrdtool-1.x/commit/64ed5314af1255ab6dded45f70b39cdeab5ae2ec
- https://github.com/oetiker/rrdtool-1.x/commit/85261a013112e278c90224033f5b0592ee387786
- https://github.com/oetiker/rrdtool-1.x/pull/532
- https://lists.debian.org/debian-lts-announce/2020/03/msg00000.html
- https://lists.debian.org/debian-lts-announce/2020/03/msg00003.html
- https://www.securityfocus.com/bid/71540