CVE-2004-2160 — Use of Externally-Controlled Format String in Command Line XML Toolkit

5 documents5 sources

Severity

6.4MEDIUMNVD

EPSS

0.8%

top 26.64%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Xmlstarlet Command Line XML Toolkit

Timeline

PublishedDec 31

Latest updateApr 29

Description

Format string vulnerability in xml_elem.c for XMLStarlet Command Line XML Toolkit 0.9.3 may allow attackers to cause a denial of service or execute arbitrary code.

CVSS vector

AV:N/AC:L/C:N/I:P/A:PExploitability: 10.0 | Impact: 4.9

Affected Packages1 packages

▶NVDxmlstarlet/command_line_xml_toolkit0.9.3

Patches

Patch: sourceforge.net ↗Patch: sourceforge.net ↗

🔴Vulnerability Details

GHSA

GHSA-2g2m-8qqm-fqp4: Format string vulnerability in xml_elem↗2022-04-29

▶

CVEList

CVE-2004-2160: Format string vulnerability in xml_elem↗2005-07-10

▶

OSV

CVE-2004-2160: Format string vulnerability in xml_elem↗2004-12-31

▶

📋Vendor Advisories

Debian

CVE-2004-2160: xmlstarlet - Format string vulnerability in xml_elem.c for XMLStarlet Command Line XML Toolki...↗2004

▶