7.5 High
CVSS2
Access Vector
NETWORK
Access Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:L/Au:N/C:P/I:P/A:P
0.088 Low
EPSS
Percentile
93.7%
Andrew V. Samoilov has noticed that several bugfixes which were
applied to the source by upstream developers of mc, the midnight
commander, a file browser and manager, were not backported to the
current version of mc that Debian ships in their stable release. The
Common Vulnerabilities and Exposures Project identifies the following
vulnerabilities:
CAN-2004-1004
Multiple format string vulnerabilities
CAN-2004-1005
Multiple buffer overflows
CAN-2004-1009
One infinite loop vulnerability
CAN-2004-1090
Denial of service via corrupted section header
CAN-2004-1091
Denial of service via null dereference
CAN-2004-1092
Freeing unallocated memory
CAN-2004-1093
Denial of service via use of already freed memory
CAN-2004-1174
Denial of service via manipulating non-existing file handles
CAN-2004-1175
Unintended program execution via insecure filename quoting
CAN-2004-1176
Denial of service via a buffer underflow
For the stable distribution (woody) these problems have been fixed in
version 4.5.55-1.2woody5.
For the unstable distribution (sid) these problems should already be
fixed since they were backported from current versions.
We recommend that you upgrade your mc package.
CPE | Name | Operator | Version |
---|---|---|---|
mc | eq | 4.5.55-1.2woody3 |