Описание
vchkpw program in vpopmail before version 4.8 does not properly cleanse an untrusted format string used in a call to syslog, which allows remote attackers to cause a denial of service via a USER or PASS command that contains arbitrary formatting directives.
Ссылки
- URL Repurposed
- URL Repurposed
Уязвимые конфигурации
Конфигурация 1
Одно из
cpe:2.3:a:inter7:vpopmail_vchkpw:4.5:*:*:*:*:*:*:*
cpe:2.3:a:inter7:vpopmail_vchkpw:4.7:*:*:*:*:*:*:*
EPSS
Процентиль: 72%
0.00739
Низкий
5 Medium
CVSS2
Дефекты
NVD-CWE-Other
Связанные уязвимости
github
больше 3 лет назад
vchkpw program in vpopmail before version 4.8 does not properly cleanse an untrusted format string used in a call to syslog, which allows remote attackers to cause a denial of service via a USER or PASS command that contains arbitrary formatting directives.
EPSS
Процентиль: 72%
0.00739
Низкий
5 Medium
CVSS2
Дефекты
NVD-CWE-Other