Vulnerability CVE-2012-2944: Information

Description

Buffer overflow in the addchar function in common/parseconf.c in upsd in Network UPS Tools (NUT) before 2.6.4 allows remote attackers to execute arbitrary code or cause a denial of service (electric-power outage) via a long string containing non-printable characters.

Severity: HIGH (7.5)

URL: https://nvd.nist.gov/vuln/detail/CVE-2012-2944
Published: June 2, 2012
Modified: Jan. 5, 2018
Error type identifier: CWE-119

References to Advisories, Solutions, and Tools

Hyperlink
Resource
http://alioth.debian.org/tracker/?func=detail&aid=313636
  • Exploit
49348
  • Vendor Advisory
http://networkupstools.org/docs/user-manual.chunked/apis01.html
    53743
      82409
        http://trac.networkupstools.org/projects/nut/changeset/3633
          MDVSA-2012:087
            openSUSE-SU-2012:1069
              50389
                networkupstools-addchar-bo(75980)
                  DSA-2484

                      1. Configuration 1

                        cpe:2.3:a:networkupstools:nut:2.6.0:*:*:*:*:*:*:*
                        cpe:2.3:a:networkupstools:nut:2.6.0-1:*:*:*:*:*:*:*
                        cpe:2.3:a:networkupstools:nut:2.6.3-1:*:*:*:*:*:*:*
                        cpe:2.3:a:networkupstools:nut:2.4.2:*:*:*:*:*:*:*
                        cpe:2.3:a:networkupstools:nut:2.6.0:pre1:*:*:*:*:*:*
                        cpe:2.3:a:networkupstools:nut:2.6.1:*:*:*:*:*:*:*
                        cpe:2.3:a:networkupstools:nut:2.6.1-1:*:*:*:*:*:*:*
                        cpe:2.3:a:networkupstools:nut:*:*:*:*:*:*:*:*
                        End including
                        2.6.3-3
                        cpe:2.3:a:networkupstools:nut:2.4.3:*:*:*:*:*:*:*
                    VKontakte|Telegram|YouTube|Forum|GitHub|Bugzilla
                    Version: v24.4.2
                    Back to top