← Back

CVE-2005-1122

nvd nist
Published: Apr 14, 2005Modified: Apr 16, 2026

JSON object

Loading...
7.5
Vector
AV:N/AC:L/Au:N/C:P/I:P/A:P
Exploitability: 10.0 / Impact: 6.4
Source: NVD

Description

Format string vulnerability in cgi.c for Monkey daemon (monkeyd) before 0.9.1 allows remote attackers to cause a denial of service and possibly execute arbitrary code via an HTTP GET request containing double-encoded format string specifiers (aka "double expansion error").

Affected (17)

Monkey Project
1 product
Monkey
Configuration A
17 vulnerable
Vulnerable SoftwareAffected Versions
Monkey Project
Monkey
Up to 0.9.0
Monkey
Version 0.1.1
Monkey
Version 0.5.2
Monkey
Version 0.6.0
Monkey
Version 0.6.1
Monkey
Version 0.6.2
Monkey
Version 0.6.3
Monkey
Version 0.7.0
Monkey
Version 0.7.1
Monkey
Version 0.7.2
Monkey
Version 0.8.0
Monkey
Version 0.8.1
Monkey
Version 0.8.2
Monkey
Version 0.8.3
Monkey
Version 0.8.4
Monkey
Version 0.8.4 2
Monkey
Version 0.8.5

Related CWEs

CWE-134
Use of Externally-Controlled Format String
The product uses a function that accepts a format string as an argument, but the format string originates from an external source.

References (8)

Source: cve@mitre.org
Vendor Advisory
Source: cve@mitre.org
PatchVendor Advisory
Source: cve@mitre.org
PatchVendor Advisory
Source: cve@mitre.org
Vendor Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
Vendor Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
PatchVendor Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
PatchVendor Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
Vendor Advisory

Timeline

No history available yet.