CVE-2003-0098 — Use of Externally-Controlled Format String in Apcupsd

4 documents4 sources

Severity

10.0CRITICALNVD

EPSS

6.8%

top 8.64%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Apcupsd Debian Apcupsd Debian Linux

Timeline

PublishedMar 3

Latest updateMay 3

Description

Unknown vulnerability in apcupsd before 3.8.6, and 3.10.x before 3.10.5, allows remote attackers to gain root privileges, possibly via format strings in a request to a slave server.

CVSS vector

AV:N/AC:L/C:C/I:C/A:CExploitability: 10.0 | Impact: 10.0

Affected Packages3 packages

▶debiandebian/apcupsd< apcupsd 3.8.5-1.2 (bookworm)

▶NVDapcupsd/apcupsd3.10.0 — 3.10.5+1

▶Debianapcupsd/apcupsd< 3.8.5-1.2+3

Also affects: Debian Linux 2.2, 3.0

Patches

Patch: www.debian.org ↗Patch: www.debian.org ↗

🔴Vulnerability Details

GHSA

GHSA-9xf5-hxpg-rcfj: Unknown vulnerability in apcupsd before 3↗2022-05-03

▶

OSV

CVE-2003-0098: Unknown vulnerability in apcupsd before 3↗2003-03-03

▶

📋Vendor Advisories

Debian

CVE-2003-0098: apcupsd - Unknown vulnerability in apcupsd before 3.8.6, and 3.10.x before 3.10.5, allows ...↗2003

▶