CVE-2014-6262
published 2020-02-12
Priority: P3 · 42 · high
CVSS 3.1: 7.5 (AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H)
EPSS: 7.25% (93.6th percentile)
Multiple format string vulnerabilities in the python module in RRDtool, as used in Zenoss Core before 4.2.5 and other products, allow remote attackers to execute arbitrary code or cause a denial of service (application crash) via a crafted third argument to the rrdtool.graph function, aka ZEN-15415, a related issue to CVE-2013-2131.
Affected
3 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| debian | debian_linux | — | — |
| debian | rrdtool | < rrdtool 1.5.4-1 (bookworm) | rrdtool 1.5.4-1 (bookworm) |
| zenoss | zenoss_core | < 4.2.5 | 4.2.5 |
CVSS provenance
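| Source | Version | Score | Severity | Vector |
|---|---|---|---|---|
| nvd | v3.1 | 7.5 | HIGH | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H |
| nvd | v2.0 | 5.0 | MEDIUM | AV:N/AC:L/Au:N/C:N/I:N/A:P |
| osv | — | 5.0 | MEDIUM | — |
| vendor_debian | — | 5.0 | MEDIUM | — |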
GHSA
GHSA-f8vh-3m24-38r6: Multiple format string vulnerabilities in the python module in RRDtool, as used in Zenoss Core before 4
ghsa_unreviewed·2022-05-17·CVSS 5.0
CVE-2014-6262 [MEDIUM] CWE-134
OSV
CVE-2014-6262: Multiple format string vulnerabilities in the python module in RRDtool, as used in Zenoss Core before 4
osv·2020-02-12·CVSS 5.0
Debian
CVE-2014-6262: rrdtool - Multiple format string vulnerabilities in the python module in RRDtool, as used ...
vendor_debian·2014·CVSS 5.0
Scope: local
bookworm: resolved (fixed in 1.5.4-1)
bullseye: resolved (fixed in 1.5.4-1)
forky: resolved (fixed in 1.5.4-1)
sid: resolved (fixed in 1.5.4-1)
trixie: resolved (fixed in 1.5.4-1)
No detection rules found.
No public exploits indexed.
No writeups or analysis indexed.
References
http://www.kb.cert.org/vuls/id/449452
https://docs.google.com/spreadsheets/d/1dHAc4PxUbs-4Dxzm1wSCE0sMz5UCMY6SW3PlMHSyuuQ/edit?usp=sharing
https://github.com/oetiker/rrdtool-1.x/commit/64ed5314af1255ab6dded45f70b39cdeab5ae2ec
https://github.com/oetiker/rrdtool-1.x/commit/85261a013112e278c90224033f5b0592ee387786
https://github.com/oetiker/rrdtool-1.x/pull/532
https://lists.debian.org/debian-lts-announce/2020/03/msg00000.html
https://lists.debian.org/debian-lts-announce/2020/03/msg00003.html
https://www.securityfocus.com/bid/71540