Lucene search

[email protected]CVE-2012-4436

HistoryOct 03, 2022 - 4:15 p.m.

CVE-2012-4436

2022-10-0316:15:34

CWE-119

[email protected]

web.nvd.nist.gov

cve-2012-4436

buffer overflow

fwknop

denial of service

arbitrary code execution

nvd

4.4 Medium

CVSS2

Attack Vector

LOCAL

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:L/AC:M/Au:N/C:P/I:P/A:P

7.8 High

AI Score

Confidence

High

0.0004 Low

EPSS

Percentile

5.1%

JSON

Buffer overflow in the run_last_args function in client/fwknop.c in fwknop before 2.0.3, when processing --last, might allow local users to cause a denial of service (client crash) and possibly execute arbitrary code via many .fwknop.run arguments.

Affected configurations

NVD

Node

cipherdynefwknopRange≤2.0.2

cipherdynefwknopMatch2.0

cipherdynefwknopMatch2.0.1

CPENameOperatorVersion
cipherdyne:fwknopcipherdyne fwknople2.0.2
cipherdyne:fwknopcipherdyne fwknopeq2.0
cipherdyne:fwknopcipherdyne fwknopeq2.0.1

CPE	Name	Operator	Version
cipherdyne:fwknop	cipherdyne fwknop	le	2.0.2
cipherdyne:fwknop	cipherdyne fwknop	eq	2.0
cipherdyne:fwknop	cipherdyne fwknop	eq	2.0.1

References

www.cipherdyne.org/blog/2012/09/software-release-fwknop-2.0.3.html

www.cipherdyne.org/cgi-bin/gitweb.cgi?p=fwknop.git%3Ba=commitdiff%3Bh=a60f05ad44e824f6230b22f8976399340cb535dc

www.openwall.com/lists/oss-security/2012/09/19/2

www.openwall.com/lists/oss-security/2012/09/20/4

4.4 Medium

CVSS2

Attack Vector

LOCAL

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:L/AC:M/Au:N/C:P/I:P/A:P

7.8 High

AI Score

Confidence

High

0.0004 Low

EPSS

Percentile

5.1%

JSON

Related for CVE-2012-4436

debiancve1 prion1 cvelist1 ubuntucve1 nvd1