Lucene search

[email protected]CVE-2007-4644

HistoryAug 31, 2007 - 11:17 p.m.

CVE-2007-4644

2007-08-3123:17:00

CWE-94

[email protected]

web.nvd.nist.gov

cve-2007-4644

format string vulnerability

cl_getpackets

doomsday

remote code execution

nvd

7.7 High

AI Score

Confidence

Low

7.5 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

0.008 Low

EPSS

Percentile

80.9%

JSON

Format string vulnerability in the Cl_GetPackets function in cl_main.c in the client in Doomsday (aka deng) 1.9.0-beta5.1 and earlier allows remote Doomsday servers to execute arbitrary code via format string specifiers in a PSV_CONSOLE_TEXT message.

CPENameOperatorVersion
doomsday:doomsdaydoomsdayle1.9.0_beta5.1

CPE	Name	Operator	Version
doomsday:doomsday	doomsday	le	1.9.0_beta5.1

References

aluigi.org/poc/dumsdei.zip

bugs.gentoo.org/show_bug.cgi?id=190835

secunia.com/advisories/26524

secunia.com/advisories/28821

security.gentoo.org/glsa/glsa-200802-02.xml

securityreason.com/securityalert/3084

www.securityfocus.com/archive/1/478077/100/0/threaded

www.securityfocus.com/bid/25483

exchange.xforce.ibmcloud.com/vulnerabilities/36337

7.7 High

AI Score

Confidence

Low

7.5 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

0.008 Low

EPSS

Percentile

80.9%

JSON

Related for CVE-2007-4644

prion1 openvas2 gentoo1 nessus1