7.5 High
CVSS2
Access Vector
NETWORK
Access Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:L/Au:N/C:P/I:P/A:P
0.022 Low
EPSS
Percentile
89.3%
Multiple integer overflows in libc in NetBSD 4.x, FreeBSD 6.x and 7.x, and
probably other BSD and Apple Mac OS platforms allow context-dependent
attackers to execute arbitrary code via large values of certain integer
fields in the format argument to (1) the strfmon function in
lib/libc/stdlib/strfmon.c, related to the GET_NUMBER macro; and (2) the
printf function, related to left_prec and right_prec.
Author | Note |
---|---|
kees | originally limited to NetBSD php -r βmoney_format(β%1073741821iβ,1);β php -r βmoney_format(β%#1073741821iβ,1);β php -r βmoney_format(β%.1073741821iβ,1);β |