CVE-2013-2131

Format string vulnerability in the rrdtool module 1.4.7 for Python, as used in Zenoss, allows context-dependent attackers to cause a denial of service (crash) via format string specifiers to the rrdtool.graph function.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
5 UNKNOWN
NETWORK
LOW
AV:N/AC:L/Au:N/C:N/I:N/A:P
redhatCNA
---
---
CVEADP
---
---
Base Score
CVSS 3.x
EPSS Score
Percentile: 93%
VendorProductVersion
rrdtool_projectrrdtool
1.4.7
𝑥
= Vulnerable software versions
Debian logo
Debian Releases
Debian Product
Codename
rrdtool
bullseye
1.7.2-3
fixed
bookworm
1.7.2-4
fixed
sid
1.7.2-4.2
fixed
trixie
1.7.2-4.2
fixed
Ubuntu logo
Ubuntu Releases
Ubuntu Product
Codename
rrdtool
noble
Fixed 1.7.2-3ubuntu5
released
mantic
Fixed 1.7.2-3ubuntu5
released
lunar
Fixed 1.7.2-3ubuntu5
released
kinetic
Fixed 1.7.2-3ubuntu5
released
jammy
Fixed 1.7.2-3ubuntu5
released
impish
Fixed 1.7.2-3build6
released
hirsute
ignored
groovy
ignored
focal
Fixed 1.7.2-3build1
released
eoan
ignored
disco
ignored
cosmic
ignored
bionic
Fixed 1.7.0-1build1
released
artful
ignored
zesty
ignored
yakkety
ignored
xenial
Fixed 1.4.8-1
released
wily
ignored
vivid
ignored
utopic
ignored
trusty
needed
saucy
ignored
raring
ignored
quantal
ignored
precise
ignored
lucid
ignored
Common Weakness Enumeration
References
http://www.openwall.com/lists/oss-security/2013/04/18/5
http://www.openwall.com/lists/oss-security/2013/05/19/5
http://www.openwall.com/lists/oss-security/2013/05/31/2
https://bugzilla.redhat.com/show_bug.cgi?id=969296
https://github.com/oetiker/rrdtool-1.x/issues/396
https://github.com/oetiker/rrdtool-1.x/pull/397
http://www.openwall.com/lists/oss-security/2013/04/18/5
http://www.openwall.com/lists/oss-security/2013/05/19/5
http://www.openwall.com/lists/oss-security/2013/05/31/2
https://bugzilla.redhat.com/show_bug.cgi?id=969296
https://github.com/oetiker/rrdtool-1.x/issues/396
https://github.com/oetiker/rrdtool-1.x/pull/397