Description
Format string vulnerability in Logger.cc for Spey 0.3.3 allows attackers to cause a denial of service (crash) and possibly execute arbitrary code via format string specifiers in a syslog call.
References (4)
Core 4
Core References
Exploit x_refsource_confirm
http://spey.cvs.sourceforge.net/spey/spey/src/Logger.cc?r1=1.5&r2=1.6
Product x_refsource_confirm
http://spey.cvs.sourceforge.net/spey/spey/src/Logger.cc?view=log
Third Party Advisory, VDB Entry vdb-entry
x_refsource_osvdb
http://www.osvdb.org/21327
Product x_refsource_confirm
http://sourceforge.net/forum/forum.php?forum_id=514029
Scores
EPSS
0.0193
EPSS Percentile
77.7%
Details
CWE
CWE-20
Status
published
Products (1)
spey/spey
0.3.3
Published
Dec 31, 2005
Tracked Since
Feb 18, 2026