CVE-2011-4930

Severity
4.4 MEDIUM
EPSS
0.1%
top 73.04%
CISA KEV
Not in KEV
Exploit
No known exploits
Timeline
Published: Feb 10
Latest update: May 13

Description

Multiple format string vulnerabilities in Condor 7.2.0 through 7.6.4, and possibly certain 7.7.x versions, as used in Red Hat MRG Grid and possibly other products, allow local users to cause a denial of service (condor_schedd daemon and failure to launch jobs) and possibly execute arbitrary code via format string specifiers in (1) the reason for a hold for a job that uses an XML user log, (2) the filename of a file to be transferred, and possibly other unspecified vectors.

CVSS vector

AV:L/AC:M/C:P/I:P/A:P
Exploitability: 3.4 | Impact: 6.4

Affected Packages: 2 packages

NVD condor_project/condor 18 versions +17
NVD redhat/enterprise_mrg 1.3, 2.0 +1

Also affects: Fedora 15, 16

🔴Vulnerability Details

2
GHSA
GHSA-xf2q-8pgg-943r: Multiple format string vulnerabilities in Condor 7 (2022-05-13)
CVEList
CVE-2011-4930: Multiple format string vulnerabilities in Condor 7 (2014-02-10)

📋Vendor Advisories

2
Red Hat
Condor: Multiple format string flaws (2012-02-06)
Debian
CVE-2011-4930: condor - Multiple format string vulnerabilities in Condor 7.2.0 through 7.6.4, and possib... (2011)

💬Community

2
Bugzilla
CVE-2011-4930 Condor: Multiple format string flaws [fedora-all] (2012-02-06)
Bugzilla
CVE-2011-4930 Condor: Multiple format string flaws (2011-12-02)