CVE-2012-2090

2012-06-1703:41:40

CWE-134

[email protected]

web.nvd.nist.gov

cve-2012-2090

flightgear

simgear

format string vulnerabilities

denial of service

arbitrary code execution

9.3 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:M/Au:N/C:C/I:C/A:C

7.7 High

AI Score

Confidence

Low

0.035 Low

EPSS

Percentile

91.6%

JSON

Multiple format string vulnerabilities in FlightGear 2.6 and earlier and SimGear 2.6 and earlier allow user-assisted remote attackers to cause a denial of service and possibly execute arbitrary code via format string specifiers in certain data chunk values in an aircraft xml model to (1) fgfs/flightgear/src/Cockpit/panel.cxx or (2) fgfs/flightgear/src/Network/generic.cxx, or (3) a scene graph model to simgear/simgear/scene/model/SGText.cxx.

Affected configurations

NVD

Node

flightgearflightgearRange≤2.6.0

flightgearflightgearMatch1.9.1

flightgearflightgearMatch2.0.0

simgearsimgearRange≤2.6.0

simgearsimgearMatch1.9.1

simgearsimgearMatch2.0.0

CPENameOperatorVersion
flightgear:flightgearflightgearle2.6.0
flightgear:flightgearflightgeareq1.9.1
flightgear:flightgearflightgeareq2.0.0
simgear:simgearsimgearle2.6.0
simgear:simgearsimgeareq1.9.1
simgear:simgearsimgeareq2.0.0

CPE	Name	Operator	Version
flightgear:flightgear	flightgear	le	2.6.0
flightgear:flightgear	flightgear	eq	1.9.1
flightgear:flightgear	flightgear	eq	2.0.0
simgear:simgear	simgear	le	2.6.0
simgear:simgear	simgear	eq	1.9.1
simgear:simgear	simgear	eq	2.0.0