CVE-2017-16926 — CRITICAL (9.8)

Vulnerability Description

Ohcount 3.0.0 is prone to a command injection via specially crafted filenames containing shell metacharacters, which can be exploited by an attacker (providing a source tree for Ohcount processing) to execute arbitrary code as the user running Ohcount.

CVSS Score

9.8

CRITICAL

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality

HIGH

Integrity

HIGH

Availability

HIGH

Affected Products

Vendor	Product	Versions
Ohcount Project	Ohcount	3.0.0

Related Weaknesses (CWE)

CWE-78

References

https://bugs.debian.org/882372ExploitVendor Advisory
https://bugs.debian.org/882372ExploitVendor Advisory

FAQ

What is CVE-2017-16926?

CVE-2017-16926 is a vulnerability with a CVSS score of 9.8 (CRITICAL). Ohcount 3.0.0 is prone to a command injection via specially crafted filenames containing shell metacharacters, which can be exploited by an attacker (providing a source tree for Ohcount processing) to...

How severe is CVE-2017-16926?

CVE-2017-16926 has been rated CRITICAL with a CVSS base score of 9.8/10. This is considered a critical vulnerability requiring immediate attention.

Is there a patch for CVE-2017-16926?

Check the references section above for vendor advisories and patch information. Affected products include: Ohcount Project Ohcount.