CVE-2014-6262

Published: Feb 12, 2020Modified: Nov 21, 2024

7.5

Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Exploitability: 3.9 / Impact: 3.6

Source: NVD

Description

Multiple format string vulnerabilities in the python module in RRDtool, as used in Zenoss Core before 4.2.5 and other products, allow remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted third argument to the rrdtool.graph function, aka ZEN-15415, a related issue to CVE-2013-2131.

Affected (2)

Products: Zenoss: Zenoss Core · Debian: Debian Linux

1 product

1 product

Configuration A

1 vulnerable

Vulnerable Software	Affected Versions
Zenoss Zenoss Core	Before 4.2.5

Configuration B

1 vulnerable

Vulnerable Software	Affected Versions
Debian Debian Linux	Version 8.0

Related CWEs

Use of Externally-Controlled Format String

The product uses a function that accepts a format string as an argument, but the format string originates from an external source.

References (16)

http://www.kb.cert.org/vuls/id/449452

Source: cve@mitre.org

Third Party AdvisoryUS Government Resource

https://docs.google.com/spreadsheets/d/1dHAc4PxUbs-4Dxzm1wSCE0sMz5UCMY6SW3PlMHSyuuQ/edit?usp=sharing

Source: cve@mitre.org

Third Party Advisory

https://github.com/oetiker/rrdtool-1.x/commit/64ed5314af1255ab6dded45f70b39cdeab5ae2ec

Source: cve@mitre.org

PatchThird Party Advisory

https://github.com/oetiker/rrdtool-1.x/commit/85261a013112e278c90224033f5b0592ee387786

Source: cve@mitre.org

PatchThird Party Advisory

https://github.com/oetiker/rrdtool-1.x/pull/532

Source: cve@mitre.org

Third Party Advisory

https://lists.debian.org/debian-lts-announce/2020/03/msg00000.html

Source: cve@mitre.org

Mailing ListThird Party Advisory

https://lists.debian.org/debian-lts-announce/2020/03/msg00003.html

Source: cve@mitre.org

Mailing ListThird Party Advisory

https://www.securityfocus.com/bid/71540

Source: cve@mitre.org

Third Party AdvisoryVDB Entry

http://www.kb.cert.org/vuls/id/449452

Source: af854a3a-2127-422b-91ae-364da2661108

Third Party AdvisoryUS Government Resource

https://docs.google.com/spreadsheets/d/1dHAc4PxUbs-4Dxzm1wSCE0sMz5UCMY6SW3PlMHSyuuQ/edit?usp=sharing

Source: af854a3a-2127-422b-91ae-364da2661108

Third Party Advisory

https://github.com/oetiker/rrdtool-1.x/commit/64ed5314af1255ab6dded45f70b39cdeab5ae2ec

Source: af854a3a-2127-422b-91ae-364da2661108

PatchThird Party Advisory

https://github.com/oetiker/rrdtool-1.x/commit/85261a013112e278c90224033f5b0592ee387786

Source: af854a3a-2127-422b-91ae-364da2661108

PatchThird Party Advisory

https://github.com/oetiker/rrdtool-1.x/pull/532

Source: af854a3a-2127-422b-91ae-364da2661108

Third Party Advisory

https://lists.debian.org/debian-lts-announce/2020/03/msg00000.html

Source: af854a3a-2127-422b-91ae-364da2661108

Mailing ListThird Party Advisory

https://lists.debian.org/debian-lts-announce/2020/03/msg00003.html

Source: af854a3a-2127-422b-91ae-364da2661108

Mailing ListThird Party Advisory

https://www.securityfocus.com/bid/71540

Source: af854a3a-2127-422b-91ae-364da2661108

Third Party AdvisoryVDB Entry

Timeline

No history available yet.