Public exploit available

Public proof-of-concept or exploit code exists (ExploitDB / Metasploit / Nuclei).

CVE-2013-4147

CWE-134 — Uncontrolled Format String4 documents4 sources

Severity

7.5HIGH

EPSS

10.6%

top 6.73%

CISA KEV

Not in KEV

Exploit

PoC available

Public exploit / PoC exists

Affected products

Yard Radius Project Yard Radius

Timeline

PublishedAug 9

Latest updateMay 17

Description

Multiple format string vulnerabilities in Yet Another Radius Daemon (YARD RADIUS) 1.1.2 allow context-dependent attackers to cause a denial of service (crash) or possibly execute arbitrary code via format string specifiers in a request in the (1) log_msg function in log.c or (2) version or (3) build_version function in version.c.

CVSS vector

AV:N/AC:L/C:P/I:P/A:PExploitability: 10.0 | Impact: 6.4

Affected Packages1 packages

▶NVDyard_radius_project/yard_radius1.1.2-4

🔴Vulnerability Details

GHSA

GHSA-m843-mrw3-f2mr: Multiple format string vulnerabilities in Yet Another Radius Daemon (YARD RADIUS) 1↗2022-05-17

▶

CVEList

CVE-2013-4147: Multiple format string vulnerabilities in Yet Another Radius Daemon (YARD RADIUS) 1↗2013-08-09

▶

💥Exploits & PoCs

Exploit-DB

YardRadius - Multiple Local Format String Vulnerabilities↗2013-06-30

▶