Double free vulnerability in the prepare_exec function in src/exec.c in Logsurfer 1.5b and earlier, and Logsurfer+ 1.7 and earlier, allows remote attackers to execute arbitrary commands via crafted strings in a log file.
CVSS 2.0
Severity: HIGH
Problem Type: CWE-399,
Products Affected
| Vendor | Product | Version |
|---|---|---|
| drusus | logsurfer | 1.1 |
| drusus | logsurfer | * |
| kerry_thompson | logsurfer+ | * |
| kerry_thompson | logsurfer+ | 1.6a |
| drusus | logsurfer | 1.3 |
| drusus | logsurfer | 1.4 |
| drusus | logsurfer | 1.5a |
| drusus | logsurfer | 1.5 |
| kerry_thompson | logsurfer+ | 1.6b |
| kerry_thompson | logsurfer+ | 1.6 |
| drusus | logsurfer | 1.2 |
| kerry_thompson | logsurfer+ | 1.5b |
| drusus | logsurfer | 1.41 |
| kerry_thompson | logsurfer+ | 1.5a |