CVE-2023-46586

Опубликовано: 09 окт. 2024

Источник: debian

Описание

cgi.c in weborf .0.17, 0.18, 0.19, and 0.20 (before 1.0) lacks '\0' termination of the path for CGI scripts because strncpy is misused.

Пакет	Статус	Версия исправления	Релиз	Тип
weborf	fixed	1.0-1		package
weborf	fixed	0.19-2.1+deb12u1	bookworm	package
weborf	fixed	0.17-3+deb11u1	bullseye	package
weborf	not-affected		buster	package

https://github.com/ltworf/weborf/pull/88
Fixed by: https://github.com/ltworf/weborf/commit/49824204add55aab0568d90a6b1e7c822d32120d (1.0)
Introduced by: https://github.com/ltworf/weborf/commit/6f83c3e9ceed8b0d93608fd5d42b53c081057991 (0.16)

CVE-2023-46586

CVSS3: 9.1

ubuntu

больше 1 года назад

cgi.c in weborf .0.17, 0.18, 0.19, and 0.20 (before 1.0) lacks '\0' termination of the path for CGI scripts because strncpy is misused.

CVE-2023-46586

CVSS3: 9.1

nvd

больше 1 года назад

cgi.c in weborf .0.17, 0.18, 0.19, and 0.20 (before 1.0) lacks '\0' termination of the path for CGI scripts because strncpy is misused.

GHSA-c477-fwvr-v9fx

CVSS3: 9.1

github

больше 1 года назад

cgi.c in weborf .0.17, 0.18, 0.19, and 0.20 (before 1.0) lacks '\0' termination of the path for CGI scripts because strncpy is misused.