CVE-2006-2191

4 documents4 sources

Severity

7.5HIGH

EPSS

0.9%

top 24.98%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

GNU Mailman

Timeline

PublishedSep 19

Latest updateMay 1

Description

Format string vulnerability in Mailman before 2.1.9 allows attackers to execute arbitrary code via unspecified vectors. NOTE: the vendor has disputed this vulnerability, stating that it is "unexploitable.

CVSS vector

AV:N/AC:L/C:P/I:P/A:PExploitability: 10.0 | Impact: 6.4

Affected Packages2 packages

▶Debianmailman< 1:2.1.9-1

▶NVDgnu/mailman2.1.8

Patches

Patch: mail.python.org ↗Patch: mail.python.org ↗

🔴Vulnerability Details

GHSA

GHSA-2gpc-wgcp-jq34: ** DISPUTED ** Format string vulnerability in Mailman before 2↗2022-05-01

▶

OSV

CVE-2006-2191: Format string vulnerability in Mailman before 2↗2006-09-19

▶

CVEList

CVE-2006-2191: Format string vulnerability in Mailman before 2↗2006-09-19

▶