QwikSec

Security Database

CVE

CWE

Training

CVE-2014-6262

Published: Feb 12, 2020

Modified: Aug 6, 2024

PUBLISHED

Description

Multiple format string vulnerabilities in the python module in RRDtool, as used in Zenoss Core before 4.2.5 and other products, allow remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted third argument to the rrdtool.graph function, aka ZEN-15415, a related issue to CVE-2013-2131.

Vendor	Product	Versions
n/a	n/a	affected `n/a`

References

https://docs.google.com/spreadsheets/d/1dHAc4PxUbs-4Dxzm1wSCE0sMz5UCMY6SW3PlMHSyuuQ/edit?usp=sharing

x_refsource_MISC

http://www.kb.cert.org/vuls/id/449452

x_refsource_MISC

https://www.securityfocus.com/bid/71540

x_refsource_MISC

https://github.com/oetiker/rrdtool-1.x/pull/532

x_refsource_MISC

https://github.com/oetiker/rrdtool-1.x/commit/64ed5314af1255ab6dded45f70b39cdeab5ae2ec

x_refsource_MISC

https://github.com/oetiker/rrdtool-1.x/commit/85261a013112e278c90224033f5b0592ee387786

x_refsource_MISC

[debian-lts-announce] 20200301 [SECURITY] [DLA 2131-1] rrdtool security update

mailing-list

x_refsource_MLIST

[debian-lts-announce] 20200302 [SECURITY] [DLA 2131-2] rrdtool regression update

mailing-list

x_refsource_MLIST

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.