Format string vulnerability in the p_cgi_error function in python/neo_cgi.c in the Python CGI Kit (neo_cgi) module for Clearsilver 0.10.5 and earlier allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via format string specifiers that are not properly handled when creating CGI error messages using the cgi_error API function.
CVSS 2.0
Severity: HIGH
Problem Type: CWE-134,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| brandon_long | clearsilver | 0.9.7 |
| brandon_long | clearsilver | 0.9.14 |
| brandon_long | clearsilver | 0.10.1 |
| brandon_long | clearsilver | 0.9.0 |
| brandon_long | clearsilver | 0.9.6 |
| brandon_long | clearsilver | 0.8.1 |
| brandon_long | clearsilver | 0.10.4 |
| brandon_long | clearsilver | 0.1 |
| brandon_long | clearsilver | 0.9.1 |
| brandon_long | clearsilver | 0.3 |
| brandon_long | clearsilver | 0.2 |
| brandon_long | clearsilver | 0.4 |
| brandon_long | clearsilver | 0.8.0 |
| brandon_long | clearsilver | * |
| brandon_long | clearsilver | 0.5 |
| brandon_long | clearsilver | 0.7.1 |
| brandon_long | clearsilver | 0.2.1 |
| brandon_long | clearsilver | 0.7 |
| brandon_long | clearsilver | 0.7.2 |
| brandon_long | clearsilver | 0.10.3 |
| brandon_long | clearsilver | 0.6 |
| brandon_long | clearsilver | 0.9.3 |
| brandon_long | clearsilver | 0.9.2 |
| brandon_long | clearsilver | 0.10.2 |