CVE-2012-0802
spamdyke < 4.3.0 - Remote Code Execution via Buffer Overflow in snprintf/vsnprintf Usage
Title source: llmDescription
Multiple buffer overflows in Spamdyke before 4.3.0 might allow remote attackers to execute arbitrary code via vectors related to "serious errors in the usage of snprintf()/vsnprintf()" in which the return values may be larger than the size of the buffer.
References (8)
Core 8
Core References
Mailing List mailing-list
x_refsource_mlist
http://www.mail-archive.com/spamdyke-release%40spamdyke.org/msg00014.html
Vendor Advisory third-party-advisory
x_refsource_secunia
http://secunia.com/advisories/47548
Mailing List mailing-list
x_refsource_mlist
http://www.openwall.com/lists/oss-security/2012/01/23/5
Third Party Advisory, VDB Entry vdb-entry
x_refsource_bid
http://www.securityfocus.com/bid/51440
Third Party Advisory, VDB Entry vdb-entry
x_refsource_osvdb
http://www.osvdb.org/78351
Vendor Advisory third-party-advisory
x_refsource_secunia
http://secunia.com/advisories/48257
Various Sources x_refsource_confirm
http://www.spamdyke.org/documentation/Changelog.txt
Third Party Advisory vendor-advisory
x_refsource_gentoo
http://security.gentoo.org/glsa/glsa-201203-01.xml
Scores
EPSS
0.0457
EPSS Percentile
90.5%
Details
CWE
CWE-119
Status
published
Products (25)
spamdyke/spamdyke
3.0.0
spamdyke/spamdyke
3.0.1
spamdyke/spamdyke
3.1.0
spamdyke/spamdyke
3.1.1
spamdyke/spamdyke
3.1.2
spamdyke/spamdyke
3.1.3
spamdyke/spamdyke
3.1.4
spamdyke/spamdyke
3.1.5
spamdyke/spamdyke
3.1.6
spamdyke/spamdyke
3.1.7
... and 15 more
Published
Jun 19, 2012
Tracked Since
Feb 18, 2026