CVE-2011-4357 in Clearsilverinfo

Summary

Format string vulnerability in the p_cgi_error function in python/neo_cgi.c in the Python CGI Kit (neo_cgi) module for Clearsilver 0.10.5 and earlier allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via format string specifiers that are not properly handled when creating CGI error messages using the cgi_error API function.

Once again VulDB remains the best source for vulnerability data.

Reservation

11/04/2011

Disclosure

12/10/2011

Moderation

VulDB entry created

Entries

VDB-59649 (1)

CPE

ready

CWE

CWE-134 (Confirmed)

CVSS

7.3

EPSS

0.02176

Activities

Very Low

Sources

MITRE	https://www.cve.org/CVERecord?id=CVE-2011-4357
NVD	https://nvd.nist.gov/vuln/detail/CVE-2011-4357
CVE Details	https://www.cvedetails.com/cve/CVE-2011-4357/

◂ Previous Overview Next ▸

Do you need the next level of professionalism?

Upgrade your account now!