MidnightBSD

Advisories for brandon_long

CVE-2011-4357 HIGH

Format string vulnerability in the p_cgi_error function in python/neo_cgi.c in the Python CGI Kit (neo_cgi) module for Clearsilver 0.10.5 and earlier allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via format string specifiers that are not properly handled when creating CGI error messages using the cgi_error API function.

CVSS 2.0

Severity: HIGH

Problem Type: CWE-134,

Products Affected

Vendor Product Version
brandon_long clearsilver 0.9.7
brandon_long clearsilver 0.9.14
brandon_long clearsilver 0.10.1
brandon_long clearsilver 0.9.0
brandon_long clearsilver 0.9.6
brandon_long clearsilver 0.8.1
brandon_long clearsilver 0.10.4
brandon_long clearsilver 0.1
brandon_long clearsilver 0.9.1
brandon_long clearsilver 0.3
brandon_long clearsilver 0.2
brandon_long clearsilver 0.4
brandon_long clearsilver 0.8.0
brandon_long clearsilver *
brandon_long clearsilver 0.5
brandon_long clearsilver 0.7.1
brandon_long clearsilver 0.2.1
brandon_long clearsilver 0.7
brandon_long clearsilver 0.7.2
brandon_long clearsilver 0.10.3
brandon_long clearsilver 0.6
brandon_long clearsilver 0.9.3
brandon_long clearsilver 0.9.2
brandon_long clearsilver 0.10.2