Vulnerability Details : CVE-2011-2903
Heap-based buffer overflow in tcptrack before 1.4.2 might allow attackers to execute arbitrary code via a long command line argument. NOTE: this is only a vulnerability in limited scenarios in which tcptrack is "configured as a handler for other applications." This issue might not qualify for inclusion in CVE.
Vulnerability category: OverflowExecute code
Products affected by CVE-2011-2903
- cpe:2.3:a:rhythm:tcptrack:*:*:*:*:*:*:*:*
- cpe:2.3:a:rhythm:tcptrack:1.0.0:*:*:*:*:*:*:*
- cpe:2.3:a:rhythm:tcptrack:1.1.2:*:*:*:*:*:*:*
- cpe:2.3:a:rhythm:tcptrack:1.1.3:*:*:*:*:*:*:*
- cpe:2.3:a:rhythm:tcptrack:1.1:*:*:*:*:*:*:*
- cpe:2.3:a:rhythm:tcptrack:1.1:beta1:*:*:*:*:*:*
- cpe:2.3:a:rhythm:tcptrack:1.0.1:*:*:*:*:*:*:*
- cpe:2.3:a:rhythm:tcptrack:1.0.2:*:*:*:*:*:*:*
- cpe:2.3:a:rhythm:tcptrack:1.2.0:*:*:*:*:*:*:*
- cpe:2.3:a:rhythm:tcptrack:1.3.0:*:*:*:*:*:*:*
- cpe:2.3:a:rhythm:tcptrack:1.1.4:*:*:*:*:*:*:*
- cpe:2.3:a:rhythm:tcptrack:1.1.5:*:*:*:*:*:*:*
- cpe:2.3:a:rhythm:tcptrack:1.1.0:*:*:*:*:*:*:*
- cpe:2.3:a:rhythm:tcptrack:1.1.1:*:*:*:*:*:*:*
- cpe:2.3:a:rhythm:tcptrack:1.4.0:*:*:*:*:*:*:*
Exploit prediction scoring system (EPSS) score for CVE-2011-2903
1.58%
Probability of exploitation activity in the next 30 days
EPSS Score History
~ 87 %
Percentile, the proportion of vulnerabilities that are scored at or less
CVSS scores for CVE-2011-2903
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
---|---|---|---|---|---|---|
6.8
|
MEDIUM | AV:N/AC:M/Au:N/C:P/I:P/A:P |
8.6
|
6.4
|
NIST |
CWE ids for CVE-2011-2903
-
The product performs operations on a memory buffer, but it reads from or writes to a memory location outside the buffer's intended boundary. This may result in read or write operations on unexpected memory locations that could be linked to other variables, data structures, or internal program data.Assigned by: nvd@nist.gov (Primary)
References for CVE-2011-2903
-
http://seclists.org/oss-sec/2011/q3/293
oss-sec: Re: CVE request: heap overflow in tcptrack < 1.4.2
-
http://www.securityfocus.com/bid/49352
tcptrack Command Line Parsing Heap Based Buffer Overflow Vulnerability
-
https://exchange.xforce.ibmcloud.com/vulnerabilities/69467
tcptrack command line buffer overflow CVE-2011-2903 Vulnerability Report
-
http://www.rhythm.cx/~steve/devel/tcptrack/
rhythm.cxPatch
-
https://bugs.gentoo.org/show_bug.cgi?id=377917
377917 – (CVE-2011-2903) <net-analyzer/tcptrack-1.4.2 - heap overflow in command line parsing (CVE-2011-2903)
-
https://bugzilla.redhat.com/show_bug.cgi?id=729096
729096 – (CVE-2011-2903) CVE-2011-2903 tcptrack: heap overflow in parsing the command linePatch
-
http://www.openwall.com/lists/oss-security/2011/08/31/1
oss-security - Re: CVE request: heap overflow in tcptrack < 1.4.2
Jump to