CVE-2017-7938
published 2017-04-20CVE-2017-7938: Stack-based buffer overflow in DMitry (Deepmagic Information Gathering Tool) version 1.3a (Unix) allows attackers to cause a denial of service (application…
PriorityP433medium6.6CVSS 3.1
AVLACLPRLUINSUCLILAH
EXPLOIT
EPSS
4.99%
91.1th percentile
Stack-based buffer overflow in DMitry (Deepmagic Information Gathering Tool) version 1.3a (Unix) allows attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a long argument. An example threat model is automated execution of DMitry with hostname strings found in local log files.
Affected
6 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| debian | dmitry | < dmitry 1.3a-1.2+deb12u1 (bookworm) | dmitry 1.3a-1.2+deb12u1 (bookworm) |
| mor-pah.net | dmitry_deepmagic_information_gathering_tool | — | — |
| mor-pah.net | dmitry_deepmagic_information_gathering_tool | >= 0 < 1.3a-1.1+deb11u1 | 1.3a-1.1+deb11u1 |
| mor-pah.net | dmitry_deepmagic_information_gathering_tool | >= 0 < 1.3a-1.2+deb12u1 | 1.3a-1.2+deb12u1 |
| mor-pah.net | dmitry_deepmagic_information_gathering_tool | >= 0 < 1.3a-5 | 1.3a-5 |
| mor-pah.net | dmitry_deepmagic_information_gathering_tool | >= 0 < 1.3a-5 | 1.3a-5 |
CVSS provenance
nvdv3.16.6MEDIUMCVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:H
nvdv3.09.8CRITICALCVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
nvdv2.07.5HIGHAV:N/AC:L/Au:N/C:P/I:P/A:P
osv6.6MEDIUM
vendor_debian6.6MEDIUM
CVEs like this are exactly what “Exploited This Week” covers.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
Debian
CVE-2024-31837: dmitry - DMitry (Deepmagic Information Gathering Tool) 1.3a has a format-string vulnerabi...
vendor_debian·2024·CVSS 6.6
CVE-2024-31837 [MEDIUM] CVE-2024-31837: dmitry - DMitry (Deepmagic Information Gathering Tool) 1.3a has a format-string vulnerabi...
DMitry (Deepmagic Information Gathering Tool) 1.3a has a format-string vulnerability, with a threat model similar to CVE-2017-7938.
Scope: local
bookworm: resolved (fixed in 1.3a-1.2+deb12u1)
bullseye: resolved (fixed in 1.3a-1.1+deb11u1)
forky: resolved (fixed in 1.3a-5)
sid: resolved (fixed in 1.3a-5)
trixie: resolved (fixed in 1.3a-5)
Debian
CVE-2017-7938: dmitry - Stack-based buffer overflow in DMitry (Deepmagic Information Gathering Tool) ver...
vendor_debian·2017·CVSS 6.6
CVE-2017-7938 [MEDIUM] CVE-2017-7938: dmitry - Stack-based buffer overflow in DMitry (Deepmagic Information Gathering Tool) ver...
Stack-based buffer overflow in DMitry (Deepmagic Information Gathering Tool) version 1.3a (Unix) allows attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a long argument. An example threat model is automated execution of DMitry with hostname strings found in local log files.
Scope: local
bookworm: resolved (fixed in 1.3a-1.2+deb12u1)
bullseye: resolved (fixed in 1.3a-1.1+deb11u1)
forky: resolved (fixed in 1.3a-5)
sid: resolved (fixed in 1.3a-5)
trixie: resolved (fixed in 1.3a-5)
OSV
CVE-2024-31837: DMitry (Deepmagic Information Gathering Tool) 1
osv·2024-04-30·CVSS 6.6
CVE-2024-31837 [MEDIUM] CVE-2024-31837: DMitry (Deepmagic Information Gathering Tool) 1
DMitry (Deepmagic Information Gathering Tool) 1.3a has a format-string vulnerability, with a threat model similar to CVE-2017-7938.
GHSA
GHSA-9x99-qq28-ff9g: DMitry (Deepmagic Information Gathering Tool) 1
ghsa_unreviewed·2024-04-30·CVSS 6.6
CVE-2024-31837 [MEDIUM] CWE-134 GHSA-9x99-qq28-ff9g: DMitry (Deepmagic Information Gathering Tool) 1
DMitry (Deepmagic Information Gathering Tool) 1.3a has a format-string vulnerability, with a threat model similar to CVE-2017-7938.
GHSA
GHSA-494m-pv6g-vh73: Stack-based buffer overflow in DMitry (Deepmagic Information Gathering Tool) version 1
ghsa_unreviewed·2022-05-17
CVE-2017-7938 [CRITICAL] CWE-119 GHSA-494m-pv6g-vh73: Stack-based buffer overflow in DMitry (Deepmagic Information Gathering Tool) version 1
Stack-based buffer overflow in DMitry (Deepmagic Information Gathering Tool) version 1.3a (Unix) allows attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a long argument. An example threat model is automated execution of DMitry with hostname strings found in local log files.
OSV
CVE-2017-7938: Stack-based buffer overflow in DMitry (Deepmagic Information Gathering Tool) version 1
osv·2017-04-20·CVSS 6.6
CVE-2017-7938 [MEDIUM] CVE-2017-7938: Stack-based buffer overflow in DMitry (Deepmagic Information Gathering Tool) version 1
Stack-based buffer overflow in DMitry (Deepmagic Information Gathering Tool) version 1.3a (Unix) allows attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a long argument. An example threat model is automated execution of DMitry with hostname strings found in local log files.
No detection rules found.
No writeups or analysis indexed.
https://cxsecurity.com/issue/WLB-2017040113https://github.com/jaygreig86/dmitry/pull/12https://packetstormsecurity.com/files/142210/Dmitry-1.3a-Local-Stack-Buffer-Overflow.htmlhttps://www.exploit-db.com/exploits/41898/https://cxsecurity.com/issue/WLB-2017040113https://github.com/jaygreig86/dmitry/pull/12https://lists.debian.org/debian-lts-announce/2024/10/msg00024.htmlhttps://packetstormsecurity.com/files/142210/Dmitry-1.3a-Local-Stack-Buffer-Overflow.htmlhttps://www.exploit-db.com/exploits/41898/
2017-04-20
Published