Vulnerability Description
Multiple format string vulnerabilities in GNU Anubis 3.6.0 through 3.6.2, 3.9.92 and 3.9.93 allow remote attackers to execute arbitrary code via format string specifiers in strings passed to (1) the info function in log.c, (2) the anubis_error function in errs.c, or (3) the ssl_error function in ssl.c.
CVSS Score
HIGH
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Gnu | Anubis | 3.6.0 |
References
- http://mail.gnu.org/archive/html/bug-anubis/2004-02/msg00000.html
- http://marc.info/?l=bugtraq&m=107843915424588&w=2
- http://www.securityfocus.com/bid/9772ExploitPatchVendor Advisory
- https://exchange.xforce.ibmcloud.com/vulnerabilities/15346
- http://mail.gnu.org/archive/html/bug-anubis/2004-02/msg00000.html
- http://marc.info/?l=bugtraq&m=107843915424588&w=2
- http://www.securityfocus.com/bid/9772ExploitPatchVendor Advisory
- https://exchange.xforce.ibmcloud.com/vulnerabilities/15346
FAQ
What is CVE-2004-0354?
CVE-2004-0354 is a vulnerability with a CVSS score of 10.0 (HIGH). Multiple format string vulnerabilities in GNU Anubis 3.6.0 through 3.6.2, 3.9.92 and 3.9.93 allow remote attackers to execute arbitrary code via format string specifiers in strings passed to (1) the i...
How severe is CVE-2004-0354?
CVE-2004-0354 has been rated HIGH with a CVSS base score of 10.0/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2004-0354?
Check the references section above for vendor advisories and patch information. Affected products include: Gnu Anubis.