CVE-2011-4357

  1. OpenCVE
  2. Vulnerabilities (CVE)
  3. CVE-2011-4357
Format string vulnerability in the p_cgi_error function in python/neo_cgi.c in the Python CGI Kit (neo_cgi) module for Clearsilver 0.10.5 and earlier allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via format string specifiers that are not properly handled when creating CGI error messages using the cgi_error API function.

7.5 /10

CVSS v2.0 : HIGH

V2 Legend

Vector : AV:N/AC:L/Au:N/C:P/I:P/A:P

Exploitability : 10.0 / Impact : 6.4

Access Vector NETWORK

Access Complexity LOW

Authentication NONE

Confidentiality Impact PARTIAL

Integrity Impact PARTIAL

Availability Impact PARTIAL

References
Link Resource
http://code.google.com/p/clearsilver/source/detail?r=919
http://osvdb.org/77419
http://secunia.com/advisories/47016 Vendor Advisory
http://tech.groups.yahoo.com/group/ClearSilver/message/1422
http://www.debian.org/security/2011/dsa-2355
http://www.openwall.com/lists/oss-security/2011/11/27/1
https://exchange.xforce.ibmcloud.com/vulnerabilities/71599
Configurations

Configuration 1 (hide)

OR cpe:2.3:a:brandon_long:clearsilver:*:*:*:*:*:*:*:*
cpe:2.3:a:brandon_long:clearsilver:0.1:*:*:*:*:*:*:*
cpe:2.3:a:brandon_long:clearsilver:0.2:*:*:*:*:*:*:*
cpe:2.3:a:brandon_long:clearsilver:0.2.1:*:*:*:*:*:*:*
cpe:2.3:a:brandon_long:clearsilver:0.3:*:*:*:*:*:*:*
cpe:2.3:a:brandon_long:clearsilver:0.4:*:*:*:*:*:*:*
cpe:2.3:a:brandon_long:clearsilver:0.5:*:*:*:*:*:*:*
cpe:2.3:a:brandon_long:clearsilver:0.6:*:*:*:*:*:*:*
cpe:2.3:a:brandon_long:clearsilver:0.7:*:*:*:*:*:*:*
cpe:2.3:a:brandon_long:clearsilver:0.7.1:*:*:*:*:*:*:*
cpe:2.3:a:brandon_long:clearsilver:0.7.2:*:*:*:*:*:*:*
cpe:2.3:a:brandon_long:clearsilver:0.8.0:*:*:*:*:*:*:*
cpe:2.3:a:brandon_long:clearsilver:0.8.1:*:*:*:*:*:*:*
cpe:2.3:a:brandon_long:clearsilver:0.9.0:*:*:*:*:*:*:*
cpe:2.3:a:brandon_long:clearsilver:0.9.1:*:*:*:*:*:*:*
cpe:2.3:a:brandon_long:clearsilver:0.9.2:*:*:*:*:*:*:*
cpe:2.3:a:brandon_long:clearsilver:0.9.3:*:*:*:*:*:*:*
cpe:2.3:a:brandon_long:clearsilver:0.9.6:*:*:*:*:*:*:*
cpe:2.3:a:brandon_long:clearsilver:0.9.7:*:*:*:*:*:*:*
cpe:2.3:a:brandon_long:clearsilver:0.9.14:*:*:*:*:*:*:*
cpe:2.3:a:brandon_long:clearsilver:0.10.1:*:*:*:*:*:*:*
cpe:2.3:a:brandon_long:clearsilver:0.10.2:*:*:*:*:*:*:*
cpe:2.3:a:brandon_long:clearsilver:0.10.3:*:*:*:*:*:*:*
cpe:2.3:a:brandon_long:clearsilver:0.10.4:*:*:*:*:*:*:*
History

No history.

Information

Published : 2011-12-10 17:55

Updated : 2024-02-04 17:54

NVD link : CVE-2011-4357

Mitre link : CVE-2011-4357

CVE.ORG link : CVE-2011-4357

JSON object : View

Products Affected

brandon_long

  • clearsilver
CWE
CWE-134

Use of Externally-Controlled Format String