Vulnerability Details CVE-2012-2944
Buffer overflow in the addchar function in common/parseconf.c in upsd in Network UPS Tools (NUT) before 2.6.4 allows remote attackers to execute arbitrary code or cause a denial of service (electric-power outage) via a long string containing non-printable characters.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.08
EPSS Ranking 91.7%
CVSS Severity
CVSS v2 Score 7.5
References
- http://alioth.debian.org/tracker/?func=detail&aid=313636
- http://networkupstools.org/docs/user-manual.chunked/apis01.html
- http://secunia.com/advisories/49348
- http://secunia.com/advisories/50389
- http://trac.networkupstools.org/projects/nut/changeset/3633
- http://www.debian.org/security/2012/dsa-2484
- http://www.mandriva.com/security/advisories?name=MDVSA-2012:087
- http://www.osvdb.org/82409
- http://www.securityfocus.com/bid/53743
- https://exchange.xforce.ibmcloud.com/vulnerabilities/75980
- https://hermes.opensuse.org/messages/15514634
- http://alioth.debian.org/tracker/?func=detail&aid=313636
- http://networkupstools.org/docs/user-manual.chunked/apis01.html
- http://secunia.com/advisories/49348
- http://secunia.com/advisories/50389
- http://trac.networkupstools.org/projects/nut/changeset/3633
- http://www.debian.org/security/2012/dsa-2484
- http://www.mandriva.com/security/advisories?name=MDVSA-2012:087
- http://www.osvdb.org/82409
- http://www.securityfocus.com/bid/53743
- https://exchange.xforce.ibmcloud.com/vulnerabilities/75980
- https://hermes.opensuse.org/messages/15514634
Products affected by CVE-2012-2944
-
cpe:2.3:a:networkupstools:nut:*
-
cpe:2.3:a:networkupstools:nut:2.4.2
-
cpe:2.3:a:networkupstools:nut:2.4.3
-
cpe:2.3:a:networkupstools:nut:2.6.0
-
cpe:2.3:a:networkupstools:nut:2.6.0-1
-
cpe:2.3:a:networkupstools:nut:2.6.1
-
cpe:2.3:a:networkupstools:nut:2.6.1-1
-
cpe:2.3:a:networkupstools:nut:2.6.3-1