CVE-2013-4147

Multiple format string vulnerabilities in Yet Another Radius Daemon (YARD RADIUS) 1.1.2 allow context-dependent attackers to cause a denial of service (crash) or possibly execute arbitrary code via format string specifiers in a request in the (1) log_msg function in log.c or (2) version or (3) build_version function in version.c.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
7.5 UNKNOWN
NETWORK
LOW
AV:N/AC:L/Au:N/C:P/I:P/A:P
redhatCNA
---
---
CVEADP
---
---
Base Score
CVSS 3.x
EPSS Score
Percentile: 92%
VendorProductVersion
yard_radius_projectyard_radius
1.1.2-4
𝑥
= Vulnerable software versions
Ubuntu logo
Ubuntu Releases
Ubuntu Product
Codename
yardradius
disco
dne
cosmic
dne
bionic
dne
artful
dne
zesty
dne
yakkety
dne
xenial
dne
wily
dne
vivid
dne
utopic
dne
trusty
dne
saucy
ignored
raring
ignored
quantal
ignored
precise
ignored
lucid
ignored
Common Weakness Enumeration
References
http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=714612
http://cxsecurity.com/issue/WLB-2013070028
http://osvdb.org/95518
http://seclists.org/oss-sec/2013/q3/145
https://exchange.xforce.ibmcloud.com/vulnerabilities/85892
http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=714612
http://cxsecurity.com/issue/WLB-2013070028
http://osvdb.org/95518
http://seclists.org/oss-sec/2013/q3/145
https://exchange.xforce.ibmcloud.com/vulnerabilities/85892