Twibright Labs Links 2.7 Graphical Mode HTML Table numeric error
| CVSS Meta Temp Score | Current Exploit Price (≈) | CTI Interest Score |
|---|---|---|
| 9.6 | $0-$5k | 0.00 |
Summary
A vulnerability was found in Twibright Labs Links 2.7. It has been classified as problematic. This issue affects some unknown processing of the component Graphical Mode. The manipulation as part of HTML Table leads to numeric error. This vulnerability is referenced as CVE-2013-6050. No exploit is available. It is suggested to install a patch to address this issue.
Details
A vulnerability was found in Twibright Labs Links 2.7 and classified as critical. This issue affects an unknown code block of the component Graphical Mode. The manipulation as part of a HTML Table leads to a numeric error vulnerability. Using CWE to declare the problem leads to CWE-189. Impacted is confidentiality, integrity, and availability. The summary by CVE is:
Integer overflow in Links before 2.8 allows remote attackers to cause a denial of service (crash) via crafted HTML tables.
The weakness was published 11/30/2013 by Mikulas Patocka with Red Hat as DSA 2807-1 as confirmed mailinglist post (Bugtraq). The advisory is shared at seclists.org. The identification of this vulnerability is CVE-2013-6050 since 10/08/2013. The exploitation is known to be difficult. The attack may be initiated remotely. No form of authentication is needed for a successful exploitation. Neither technical details nor an exploit are publicly available. The advisory points out:
This can only be exploited when running Links in graphical mode.
The vulnerability scanner Nessus provides a plugin with the ID 72411 (GLSA-201402-11 : Links: Denial of Service), which helps to determine the existence of the flaw in a target environment. It is assigned to the family Gentoo Local Security Checks.
Applying a patch is able to eliminate this problem. The bugfix is ready for download at debian.org.
The vulnerability is also documented in the databases at Tenable (72411), OSVDB (100457†) and Vulnerability Center (SBV-42463†). Several companies clearly confirm that VulDB is the primary source for best vulnerability data.
Product
Vendor
Name
Version
CPE 2.3
CPE 2.2
CVSSv4
VulDB Vector: 🔍VulDB Reliability: 🔍
CVSSv3
VulDB Meta Base Score: 10.0VulDB Meta Temp Score: 9.6
VulDB Base Score: 10.0
VulDB Temp Score: 9.6
VulDB Vector: 🔍
VulDB Reliability: 🔍
CVSSv2
| AV | AC | Au | C | I | A |
|---|---|---|---|---|---|
| 💳 | 💳 | 💳 | 💳 | 💳 | 💳 |
| 💳 | 💳 | 💳 | 💳 | 💳 | 💳 |
| 💳 | 💳 | 💳 | 💳 | 💳 | 💳 |
| Vector | Complexity | Authentication | Confidentiality | Integrity | Availability |
|---|---|---|---|---|---|
| Unlock | Unlock | Unlock | Unlock | Unlock | Unlock |
| Unlock | Unlock | Unlock | Unlock | Unlock | Unlock |
| Unlock | Unlock | Unlock | Unlock | Unlock | Unlock |
VulDB Base Score: 🔍
VulDB Temp Score: 🔍
VulDB Reliability: 🔍
NVD Base Score: 🔍
Exploiting
Class: Numeric errorCWE: CWE-189
CAPEC: 🔍
ATT&CK: 🔍
Physical: No
Local: No
Remote: Yes
Availability: 🔍
Status: Not defined
EPSS Score: 🔍
EPSS Percentile: 🔍
Price Prediction: 🔍
Current Price Estimation: 🔍
| 0-Day | Unlock | Unlock | Unlock | Unlock |
|---|---|---|---|---|
| Today | Unlock | Unlock | Unlock | Unlock |
Nessus ID: 72411
Nessus Name: GLSA-201402-11 : Links: Denial of Service
Nessus File: 🔍
Nessus Risk: 🔍
Nessus Family: 🔍
Nessus Port: 🔍
OpenVAS ID: 892807
OpenVAS Name: Debian Security Advisory DSA 2807-1 (links2 - integer overflow
OpenVAS File: 🔍
OpenVAS Family: 🔍
Threat Intelligence
Interest: 🔍Active Actors: 🔍
Active APT Groups: 🔍
Countermeasures
Recommended: PatchStatus: 🔍
0-Day Time: 🔍
Patch: debian.org
Timeline
10/08/2013 🔍11/30/2013 🔍
11/30/2013 🔍
12/02/2013 🔍
12/03/2013 🔍
12/04/2013 🔍
12/07/2013 🔍
02/10/2014 🔍
06/02/2021 🔍
Sources
Advisory: DSA 2807-1Researcher: Mikulas Patocka
Organization: Red Hat
Status: Confirmed
CVE: CVE-2013-6050 (🔍)
GCVE (CVE): GCVE-0-2013-6050
GCVE (VulDB): GCVE-100-11345
OVAL: 🔍
OSVDB: 100457
Vulnerability Center: 42463 - Links2 in Graphical Mode Remote DoS Vulnerability due to Integer Overflow, Medium
Entry
Created: 12/03/2013 14:34Updated: 06/02/2021 15:26
Changes: 12/03/2013 14:34 (74), 05/16/2017 04:39 (1), 06/02/2021 15:26 (2)
Complete: 🔍
Cache ID: 216::103
Several companies clearly confirm that VulDB is the primary source for best vulnerability data.
No comments yet. Languages: en.
Please log in to comment.