CVE-2011-4357

2011-12-1000:00:00

ubuntu.com

7.5 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

0.093 Low

EPSS

Percentile

94.6%

JSON

Format string vulnerability in the p_cgi_error function in python/neo_cgi.c
in the Python CGI Kit (neo_cgi) module for Clearsilver 0.10.5 and earlier
allows remote attackers to cause a denial of service (crash) and possibly
execute arbitrary code via format string specifiers that are not properly
handled when creating CGI error messages using the cgi_error API function.

Bugs

<http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=649322>

OSVersionArchitecturePackageVersionFilename
ubuntu10.10noarchclearsilver< 0.10.5-1+squeeze1build0.10.10.1UNKNOWN
ubuntu11.04noarchclearsilver< 0.10.5-1+squeeze1build0.11.04.1UNKNOWN
ubuntu11.10noarchclearsilver< 0.10.5-1.1ubuntu0.1UNKNOWN
ubuntu12.04noarchclearsilver< 0.10.5-1.2ubuntu1UNKNOWN
ubuntu12.10noarchclearsilver< 0.10.5-1.2ubuntu1UNKNOWN
ubuntu13.04noarchclearsilver< 0.10.5-1.2ubuntu1UNKNOWN
ubuntu13.10noarchclearsilver< 0.10.5-1.2ubuntu1UNKNOWN

OS	Version	Architecture	Package	Version	Filename
ubuntu	10.10	noarch	clearsilver	< 0.10.5-1+squeeze1build0.10.10.1	UNKNOWN
ubuntu	11.04	noarch	clearsilver	< 0.10.5-1+squeeze1build0.11.04.1	UNKNOWN
ubuntu	11.10	noarch	clearsilver	< 0.10.5-1.1ubuntu0.1	UNKNOWN
ubuntu	12.04	noarch	clearsilver	< 0.10.5-1.2ubuntu1	UNKNOWN
ubuntu	12.10	noarch	clearsilver	< 0.10.5-1.2ubuntu1	UNKNOWN
ubuntu	13.04	noarch	clearsilver	< 0.10.5-1.2ubuntu1	UNKNOWN
ubuntu	13.10	noarch	clearsilver	< 0.10.5-1.2ubuntu1	UNKNOWN