CVE-2017-7938

EUVD-2017-16909
Stack-based buffer overflow in DMitry (Deepmagic Information Gathering Tool) version 1.3a (Unix) allows attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a long argument. An example threat model is automated execution of DMitry with hostname strings found in local log files.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
6.6 MEDIUM
LOCAL
LOW
LOW
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:H
CISA-ADPADP
6.6 MEDIUM
LOCAL
LOW
LOW
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:H
Base Score
CVSS 3.x
EPSS Score
Percentile: 83%
Affected Products (NVD)
VendorProductVersion
mor-pah.netdmitry_deepmagic_information_gathering_tool
1.3a:a
𝑥
= Vulnerable software versions
Debian logo
Debian Releases
Debian Product
Codename
dmitry
bookworm
1.3a-1.2+deb12u1
fixed
bullseye
vulnerable
bullseye (security)
1.3a-1.1+deb11u1
fixed
buster
postponed
sid
1.3a-6
fixed
trixie
1.3a-6
fixed
Ubuntu logo
Ubuntu Releases
Ubuntu Product
Codename
dmitry
bionic
needs-triage
focal
needs-triage
jammy
needs-triage
mantic
ignored
noble
needs-triage
xenial
needs-triage
Common Weakness Enumeration
References
https://cxsecurity.com/issue/WLB-2017040113
https://github.com/jaygreig86/dmitry/pull/12
https://packetstormsecurity.com/files/142210/Dmitry-1.3a-Local-Stack-Buffer-Overflow.html
https://www.exploit-db.com/exploits/41898/
https://cxsecurity.com/issue/WLB-2017040113
https://github.com/jaygreig86/dmitry/pull/12
https://lists.debian.org/debian-lts-announce/2024/10/msg00024.html
https://packetstormsecurity.com/files/142210/Dmitry-1.3a-Local-Stack-Buffer-Overflow.html
https://www.exploit-db.com/exploits/41898/