CVE-2008-5660
published 2008-12-17


Priority: P349 | medium | 6.8 (CVSS 2.0)
Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P
EXPLOIT
EPSS: 9.12% (94.7th percentile)
Format string vulnerability in the vinagre_utils_show_error function (src/vinagre-utils.c) in Vinagre 0.5.x before 0.5.2 and 2.x before 2.24.2 might allow remote attackers to execute arbitrary code via format string specifiers in a crafted URI or VNC server response.

Affected

15 ranges
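| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| debian | vinagre | < vinagre 0.5.1-2 (bookworm) | vinagre 0.5.1-2 (bookworm) |
| gnome | vinagre | | |
| gnome | vinagre | | |
| gnome | vinagre | | |
| gnome | vinagre | | |
| gnome | vinagre | | |
| gnome | vinagre | | |
| gnome | vinagre | | |
| gnome | vinagre | | |
| gnome | vinagre | | |
| gnome | vinagre | | |
| gnome | vinagre | | |
| gnome | vinagre | | |
| gnome | vinagre | >= 0 < 0.5.1-2 | 0.5.1-2 |
| gnome | vinagre | >= 0 < 0.5.1-2 | 0.5.1-2 |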

CVSS provenance

nvd | v2.0 | 6.8 | MEDIUM | AV:N/AC:M/Au:N/C:P/I:P/A:P
osv | 6.8 | MEDIUM
vendor_debian | 6.8 | MEDIUM
vendor_redhat | 6.8 | MEDIUM