Vulnerability Details CVE-2002-0175
libsafe 2.0-11 and earlier allows attackers to bypass protection against format string vulnerabilities via format strings that use the "'" and "I" characters, which are implemented in libc but not libsafe.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.001
EPSS Ranking 26.9%
CVSS Severity
CVSS v2 Score 4.6
References
- http://archives.neohapsis.com/archives/vulnwatch/2002-q1/0070.html
- http://online.securityfocus.com/archive/1/263121
- http://www.iss.net/security_center/static/8593.php
- http://www.linux-mandrake.com/en/security/2002/MDKSA-2002-026.php
- http://www.securityfocus.com/bid/4326
- http://archives.neohapsis.com/archives/vulnwatch/2002-q1/0070.html
- http://online.securityfocus.com/archive/1/263121
- http://www.iss.net/security_center/static/8593.php
- http://www.linux-mandrake.com/en/security/2002/MDKSA-2002-026.php
- http://www.securityfocus.com/bid/4326
Products affected by CVE-2002-0175
-
cpe:2.3:a:avaya:libsafe:1.3.4
-
cpe:2.3:a:avaya:libsafe:1.3.8
-
cpe:2.3:a:avaya:libsafe:2.0.10
-
cpe:2.3:a:avaya:libsafe:2.0.11
-
cpe:2.3:a:avaya:libsafe:2.0.2
-
cpe:2.3:a:avaya:libsafe:2.0.5
-
cpe:2.3:a:avaya:libsafe:2.0.9