CVE-2014-6262

HIGH7.5EPSS 19.7%

rrdtool - security update

發布日:2020/2/12修改日:2026/4/28

也稱為:DEBIAN-CVE-2014-6262

描述

Multiple format string vulnerabilities in the python module in RRDtool, as used in Zenoss Core before 4.2.5 and other products, allow remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted third argument to the rrdtool.graph function, aka ZEN-15415, a related issue to CVE-2013-2131.

受影響套件(2)

Debian/rrdtoolfrom 0, < 1.5.4-1
Debian/rrdtoolfrom 0, < 1.4.8-1.2+deb8u1

CVSS 分數

來源	版本	嚴重程度	向量
osv	CVSS 3.1	HIGH7.5	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

參考連結(1)

ADVISORYhttps://security-tracker.debian.org/tracker/CVE-2014-6262