Vulnerability Description
Buffer overflow in the addchar function in common/parseconf.c in upsd in Network UPS Tools (NUT) before 2.6.4 allows remote attackers to execute arbitrary code or cause a denial of service (electric-power outage) via a long string containing non-printable characters.
CVSS Score
HIGH
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Networkupstools | Nut | <= 2.6.3-3 |
Related Weaknesses (CWE)
References
- http://alioth.debian.org/tracker/?func=detail&aid=313636Exploit
- http://networkupstools.org/docs/user-manual.chunked/apis01.html
- http://secunia.com/advisories/49348Vendor Advisory
- http://secunia.com/advisories/50389
- http://trac.networkupstools.org/projects/nut/changeset/3633
- http://www.debian.org/security/2012/dsa-2484
- http://www.mandriva.com/security/advisories?name=MDVSA-2012:087
- http://www.osvdb.org/82409
- http://www.securityfocus.com/bid/53743
- https://exchange.xforce.ibmcloud.com/vulnerabilities/75980
- https://hermes.opensuse.org/messages/15514634
- http://alioth.debian.org/tracker/?func=detail&aid=313636Exploit
- http://networkupstools.org/docs/user-manual.chunked/apis01.html
- http://secunia.com/advisories/49348Vendor Advisory
- http://secunia.com/advisories/50389
FAQ
What is CVE-2012-2944?
CVE-2012-2944 is a vulnerability with a CVSS score of 7.5 (HIGH). Buffer overflow in the addchar function in common/parseconf.c in upsd in Network UPS Tools (NUT) before 2.6.4 allows remote attackers to execute arbitrary code or cause a denial of service (electric-p...
How severe is CVE-2012-2944?
CVE-2012-2944 has been rated HIGH with a CVSS base score of 7.5/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2012-2944?
Check the references section above for vendor advisories and patch information. Affected products include: Networkupstools Nut.