CVE-2006-0743

CWE-134 — Uncontrolled Format String5 documents5 sources

Severity

5.0MEDIUM

EPSS

4.5%

top 10.91%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Apache Log4net

Timeline

PublishedMar 9

Latest updateMay 1

Description

Format string vulnerability in LocalSyslogAppender in Apache log4net 1.2.9 might allow remote attackers to cause a denial of service (memory corruption and termination) via unknown vectors.

CVSS vector

AV:N/AC:L/C:N/I:N/A:PExploitability: 10.0 | Impact: 2.9

Affected Packages2 packages

▶NVDapache/log4net1.2.9_beta

▶NuGetlog4net< 1.2.10

Patches

Patch: issues.apache.org ↗Patch: secunia.com ↗Patch: issues.apache.org ↗

🔴Vulnerability Details

OSV

Apache log4net format string vulnerability causes DoS↗2022-05-01

▶

GHSA

Apache log4net format string vulnerability causes DoS↗2022-05-01

▶

CVEList

CVE-2006-0743: Format string vulnerability in LocalSyslogAppender in Apache log4net 1↗2006-03-09

▶

📋Vendor Advisories

Red Hat

CVE-2006-0743: Format string vulnerability in LocalSyslogAppender in Apache log4net 1↗

▶