CVE-2011-4357
Clearsilver < 0.10.5 - Format String Vulnerability via Python CGI Kit Error Handling
Title source: llmDescription
Format string vulnerability in the p_cgi_error function in python/neo_cgi.c in the Python CGI Kit (neo_cgi) module for Clearsilver 0.10.5 and earlier allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via format string specifiers that are not properly handled when creating CGI error messages using the cgi_error API function.
References (7)
Core 7
Core References
Issue Tracking x_refsource_confirm
http://code.google.com/p/clearsilver/source/detail?r=919
Various Sources x_refsource_confirm
http://tech.groups.yahoo.com/group/ClearSilver/message/1422
Third Party Advisory vendor-advisory
x_refsource_debian
http://www.debian.org/security/2011/dsa-2355
Third Party Advisory, VDB Entry vdb-entry
x_refsource_osvdb
http://osvdb.org/77419
Mailing List mailing-list
x_refsource_mlist
http://www.openwall.com/lists/oss-security/2011/11/27/1
Third Party Advisory, VDB Entry vdb-entry
x_refsource_xf
https://exchange.xforce.ibmcloud.com/vulnerabilities/71599
Vendor Advisory third-party-advisory
x_refsource_secunia
http://secunia.com/advisories/47016
Scores
EPSS
0.0306
EPSS Percentile
85.8%
Details
CWE
CWE-134
Status
published
Products (24)
brandon_long/clearsilver
0.1
brandon_long/clearsilver
0.2
brandon_long/clearsilver
0.2.1
brandon_long/clearsilver
0.3
brandon_long/clearsilver
0.4
brandon_long/clearsilver
0.5
brandon_long/clearsilver
0.6
brandon_long/clearsilver
0.7
brandon_long/clearsilver
0.7.1
brandon_long/clearsilver
0.7.2
... and 14 more
Published
Dec 10, 2011
Tracked Since
Feb 18, 2026