Description
Multiple format string vulnerabilities in Midnight Commander (mc) before 4.6.0 may allow attackers to cause a denial of service or execute arbitrary code.
References (6)
Core 6
Core References
Third Party Advisory, VDB Entry vdb-entry
x_refsource_xf
https://exchange.xforce.ibmcloud.com/vulnerabilities/16021
Vendor Advisory vendor-advisory
x_refsource_mandrake
http://www.mandriva.com/security/advisories?name=MDKSA-2004:039
Third Party Advisory vendor-advisory
x_refsource_debian
http://www.debian.org/security/2004/dsa-497
Vendor Advisory vendor-advisory
x_refsource_suse
http://www.novell.com/linux/security/advisories/2004_12_mc.html
Third Party Advisory vendor-advisory
x_refsource_gentoo
http://security.gentoo.org/glsa/glsa-200405-21.xml
Vendor Advisory vendor-advisory
x_refsource_redhat
http://www.redhat.com/support/errata/RHSA-2004-172.html
Scores
EPSS
0.0103
EPSS Percentile
77.6%
Details
Status
published
Products (25)
gentoo/linux
0.5
gentoo/linux
0.7
gentoo/linux
1.1a
gentoo/linux
1.2
gentoo/linux
1.4 (4 CPE variants)
midnight_commander/midnight_commander
4.5.40
midnight_commander/midnight_commander
4.5.41
midnight_commander/midnight_commander
4.5.42
midnight_commander/midnight_commander
4.5.43
midnight_commander/midnight_commander
4.5.44
... and 15 more
Published
Aug 18, 2004
Tracked Since
Feb 18, 2026