Lucene search

[email protected]CVE-2005-1686

HistoryMay 20, 2005 - 4:00 a.m.

CVE-2005-1686

2005-05-2004:00:00

NVD-CWE-Other

[email protected]

web.nvd.nist.gov

cve-2005-1686

gedit

format string vulnerability

denial of service

security boundary

6.1 Medium

AI Score

Confidence

Low

2.6 Low

CVSS2

Access Vector

NETWORK

Access Complexity

HIGH

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:N/AC:H/Au:N/C:N/I:N/A:P

0.005 Low

EPSS

Percentile

77.3%

JSON

Format string vulnerability in gedit 2.10.2 may allow attackers to cause a denial of service (application crash) via a bin file with format string specifiers in the filename. NOTE: while this issue is triggered on the command line by the gedit user, it has been reported that web browsers and email clients could be configured to provide a file name as an argument to gedit, so there is a valid attack that crosses security boundaries.

CPENameOperatorVersion
gnome:geditgnome gediteq2.10.2

CPE	Name	Operator	Version
gnome:gedit	gnome gedit	eq	2.10.2

References

marc.info/?l=bugtraq&m=111661117701398&w=2

security.gentoo.org/glsa/glsa-200506-09.xml

www.debian.org/security/2005/dsa-753

www.novell.com/linux/security/advisories/2005_36_sudo.html

www.redhat.com/support/errata/RHSA-2005-499.html

oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A1245

oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9845

usn.ubuntu.com/138-1/

6.1 Medium

AI Score

Confidence

Low

2.6 Low

CVSS2

Access Vector

NETWORK

Access Complexity

HIGH

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:N/AC:H/Au:N/C:N/I:N/A:P

0.005 Low

EPSS

Percentile

77.3%

JSON

Related for CVE-2005-1686

nessus13 openvas8 debian2 ubuntu1 debiancve1 osv1 ubuntucve1 cert1 freebsd1 redhat1 centos1 gentoo1 suse1