CVE-2008-1705

CWE-134Uncontrolled Format String5 documents4 sources
Severity
6.8MEDIUM
EPSS
5.2%
top 10.05%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
1
IBM Soliddb
Timeline
PublishedApr 9
Latest updateMay 1

Description

Format string vulnerability in the logging function in IBM solidDB 06.00.1018 and earlier allows remote attackers to execute arbitrary code via format string specifiers in the (1) user name, (2) peer name, and possibly unspecified other fields.

CVSS vector

AV:N/AC:M/C:P/I:P/A:PExploitability: 8.6 | Impact: 6.4

Affected Packages1 packages

NVDibm/soliddb06.00.1018

🔴Vulnerability Details

2
GHSA
GHSA-pm8g-j2pp-65h6: Format string vulnerability in the logging function in IBM solidDB 062022-05-01
CVEList
CVE-2008-1705: Format string vulnerability in the logging function in IBM solidDB 062008-04-09

💬Community

1
Bugzilla
CVE-2008-5718 netatalk: papd command injection vulnerability2009-01-19
CVE-2008-1705 (MEDIUM CVSS 6.8) | Format string vulnerability in the | cvebase.io