CVE-2017-7938

Stack-based buffer overflow in DMitry (Deepmagic Information Gathering Tool) version 1.3a (Unix) allows attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a long argument. An example threat model is automated execution of DMitry with hostname strings found in local log files.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
6.6 MEDIUM
LOCAL
LOW
LOW
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:H
mitreCNA
---
---
CISA-ADPADP
6.6 MEDIUM
LOCAL
LOW
LOW
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:H
CVEADP
---
---
Base Score
CVSS 3.x
EPSS Score
Percentile: 82%
VendorProductVersion
mor-pah.netdmitry_deepmagic_information_gathering_tool
1.3a:a
𝑥
= Vulnerable software versions
Debian logo
Debian Releases
Debian Product
Codename
dmitry
bullseye
vulnerable
buster
postponed
bullseye (security)
1.3a-1.1+deb11u1
fixed
bookworm
1.3a-1.2+deb12u1
fixed
sid
1.3a-6
fixed
trixie
1.3a-6
fixed
Ubuntu logo
Ubuntu Releases
Ubuntu Product
Codename
dmitry
noble
needs-triage
mantic
ignored
jammy
needs-triage
focal
needs-triage
bionic
needs-triage
xenial
needs-triage
Common Weakness Enumeration
References
https://cxsecurity.com/issue/WLB-2017040113
https://github.com/jaygreig86/dmitry/pull/12
https://packetstormsecurity.com/files/142210/Dmitry-1.3a-Local-Stack-Buffer-Overflow.html
https://www.exploit-db.com/exploits/41898/
https://cxsecurity.com/issue/WLB-2017040113
https://github.com/jaygreig86/dmitry/pull/12
https://lists.debian.org/debian-lts-announce/2024/10/msg00024.html
https://packetstormsecurity.com/files/142210/Dmitry-1.3a-Local-Stack-Buffer-Overflow.html
https://www.exploit-db.com/exploits/41898/