CVE-2014-6262

high

Description

Multiple format string vulnerabilities in the Python module in RRDtool, as used in Zenoss Core before 4.2.5 and other products, allow remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted third argument to the rrdtool.graph function, aka ZEN-15415, a related issue to CVE-2013-2131.

References

https://www.securityfocus.com/bid/71540

https://lists.debian.org/debian-lts-announce/2020/03/msg00003.html

https://lists.debian.org/debian-lts-announce/2020/03/msg00000.html

https://github.com/oetiker/rrdtool-1.x/pull/532

https://github.com/oetiker/rrdtool-1.x/commit/85261a013112e278c90224033f5b0592ee387786

https://github.com/oetiker/rrdtool-1.x/commit/64ed5314af1255ab6dded45f70b39cdeab5ae2ec

https://docs.google.com/spreadsheets/d/1dHAc4PxUbs-4Dxzm1wSCE0sMz5UCMY6SW3PlMHSyuuQ/edit?usp=sharing

http://www.kb.cert.org/vuls/id/449452

Details

Source: Mitre, NVD

Published: 2020-02-12

Updated: 2022-01-01

Risk Information

CVSS v2

Base Score: 5

Vector: CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P

Severity: Medium

CVSS v3

Base Score: 7.5

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Severity: High