7.9 High
AI Score
Confidence
Low
7.5 High
CVSS2
Access Vector
NETWORK
Access Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:L/Au:N/C:P/I:P/A:P
0.621 Medium
EPSS
Percentile
97.8%
Format string vulnerability in the (1) Con_message and (2) conPrintf functions in con_main.c in Doomsday engine 1.8.6 allows remote attackers to execute arbitrary code via format string specifiers in an argument to the JOIN command, and possibly other command arguments.
CPE | Name | Operator | Version |
---|---|---|---|
doomsday:doomsday | doomsday | eq | 1.8.6 |
aluigi.altervista.org/adv/doomsdayfs-adv.txt
lists.grok.org.uk/pipermail/full-disclosure/2006-April/044865.html
secunia.com/advisories/19515
secunia.com/advisories/19519
securitytracker.com/id?1015860
www.gentoo.org/security/en/glsa/glsa-200604-05.xml
www.securityfocus.com/archive/1/429857/100/0/threaded
www.securityfocus.com/bid/17369
www.vupen.com/english/advisories/2006/1221
exchange.xforce.ibmcloud.com/vulnerabilities/25622