CVE-2017-17514

Опубликовано: 14 дек. 2017

Источник: nvd

CVSS3: 8.8

CVSS2: 6.8

EPSS Низкий

Описание

boxes.c in nip2 8.4.0 does not validate strings before launching the program specified by the BROWSER environment variable, which might allow remote attackers to conduct argument-injection attacks via a crafted URL. NOTE: a software maintainer indicates that this product does not use the BROWSER environment variable

Ссылки

https://github.com/jcupitt/nip2/issues/70
Issue Tracking
Third Party Advisory
https://security-tracker.debian.org/tracker/CVE-2017-17514
Issue Tracking
Third Party Advisory
https://github.com/jcupitt/nip2/issues/70
Issue Tracking
Third Party Advisory
https://security-tracker.debian.org/tracker/CVE-2017-17514
Issue Tracking
Third Party Advisory

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:nip2_project:nip2:8.4.0:*:*:*:*:*:*:*

Конфигурация 2

Одно из

cpe:2.3:o:debian:debian_linux:7.0:*:*:*:*:*:*:*

cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*

cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*

cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*

EPSS

Процентиль: 68%

0.0056

Низкий

8.8 High

CVSS3

8.8 High

CVSS3

6.8 Medium

CVSS2

Дефекты

CWE-74

Связанные уязвимости

CVE-2017-17514

CVSS3: 8.8

ubuntu

около 8 лет назад

CVE-2017-17514

CVSS3: 8.8

debian

около 8 лет назад

boxes.c in nip2 8.4.0 does not validate strings before launching the p ...

GHSA-x3rr-c2w2-46x3

CVSS3: 8.8

github

больше 3 лет назад

** DISPUTED ** boxes.c in nip2 8.4.0 does not validate strings before launching the program specified by the BROWSER environment variable, which might allow remote attackers to conduct argument-injection attacks via a crafted URL. NOTE: a software maintainer indicates that this product does not use the BROWSER environment variable.

EPSS

Процентиль: 68%

0.0056

Низкий

8.8 High

CVSS3

8.8 High

CVSS3

6.8 Medium

CVSS2

Дефекты

CWE-74