CVE-2011-4357

Format string vulnerability in the p_cgi_error function in python/neo_cgi.c in the Python CGI Kit (neo_cgi) module for Clearsilver 0.10.5 and earlier allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via format string specifiers that are not properly handled when creating CGI error messages using the cgi_error API function.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
7.5 UNKNOWN
NETWORK
LOW
AV:N/AC:L/Au:N/C:P/I:P/A:P
redhatCNA
---
---
CVEADP
---
---
Base Score
CVSS 3.x
EPSS Score
Percentile: 84%
VendorProductVersion
brandon_longclearsilver
𝑥
≤ 0.10.5
brandon_longclearsilver
0.1
brandon_longclearsilver
0.2
brandon_longclearsilver
0.2.1
brandon_longclearsilver
0.3
brandon_longclearsilver
0.4
brandon_longclearsilver
0.5
brandon_longclearsilver
0.6
brandon_longclearsilver
0.7
brandon_longclearsilver
0.7.1
brandon_longclearsilver
0.7.2
brandon_longclearsilver
0.8.0
brandon_longclearsilver
0.8.1
brandon_longclearsilver
0.9.0
brandon_longclearsilver
0.9.1
brandon_longclearsilver
0.9.2
brandon_longclearsilver
0.9.3
brandon_longclearsilver
0.9.6
brandon_longclearsilver
0.9.7
brandon_longclearsilver
0.9.14
brandon_longclearsilver
0.10.1
brandon_longclearsilver
0.10.2
brandon_longclearsilver
0.10.3
brandon_longclearsilver
0.10.4
𝑥
= Vulnerable software versions
Debian logo
Debian Releases
Debian Product
Codename
clearsilver
bookworm
0.10.5-4
fixed
bullseye
0.10.5-4
fixed
sid
0.10.5-6
fixed
trixie
0.10.5-6
fixed
Ubuntu logo
Ubuntu Releases
Ubuntu Product
Codename
clearsilver
saucy
Fixed 0.10.5-1.2ubuntu1
released
raring
Fixed 0.10.5-1.2ubuntu1
released
quantal
Fixed 0.10.5-1.2ubuntu1
released
precise
Fixed 0.10.5-1.2ubuntu1
released
oneiric
Fixed 0.10.5-1.1ubuntu0.1
released
natty
Fixed 0.10.5-1+squeeze1build0.11.04.1
released
maverick
Fixed 0.10.5-1+squeeze1build0.10.10.1
released
lucid
ignored
hardy
ignored
Common Weakness Enumeration
References
http://code.google.com/p/clearsilver/source/detail?r=919
http://osvdb.org/77419
http://secunia.com/advisories/47016
http://tech.groups.yahoo.com/group/ClearSilver/message/1422
http://www.debian.org/security/2011/dsa-2355
http://www.openwall.com/lists/oss-security/2011/11/27/1
https://exchange.xforce.ibmcloud.com/vulnerabilities/71599
http://code.google.com/p/clearsilver/source/detail?r=919
http://osvdb.org/77419
http://secunia.com/advisories/47016
http://tech.groups.yahoo.com/group/ClearSilver/message/1422
http://www.debian.org/security/2011/dsa-2355
http://www.openwall.com/lists/oss-security/2011/11/27/1
https://exchange.xforce.ibmcloud.com/vulnerabilities/71599