CVE-2012-2944

Network UPS Tools <2.6.4 - Buffer Overflow

Title source: llm
STIX 2.1

Description

Buffer overflow in the addchar function in common/parseconf.c in upsd in Network UPS Tools (NUT) before 2.6.4 allows remote attackers to execute arbitrary code or cause a denial of service (electric-power outage) via a long string containing non-printable characters.

References (11)

Core 11
Core References
Third Party Advisory, VDB Entry vdb-entry x_refsource_xf
https://exchange.xforce.ibmcloud.com/vulnerabilities/75980
Third Party Advisory vendor-advisory x_refsource_debian
http://www.debian.org/security/2012/dsa-2484
Vendor Advisory vendor-advisory x_refsource_mandriva
http://www.mandriva.com/security/advisories?name=MDVSA-2012:087
Third Party Advisory third-party-advisory x_refsource_secunia
http://secunia.com/advisories/50389
Various Sources vendor-advisory x_refsource_suse
https://hermes.opensuse.org/messages/15514634
Vendor Advisory third-party-advisory x_refsource_secunia
http://secunia.com/advisories/49348
Third Party Advisory, VDB Entry vdb-entry x_refsource_bid
http://www.securityfocus.com/bid/53743
Third Party Advisory, VDB Entry vdb-entry x_refsource_osvdb
http://www.osvdb.org/82409

Scores

EPSS 0.0624
EPSS Percentile 92.7%

Details

CWE
CWE-119
Status published
Products (8)
networkupstools/nut 2.4.2
networkupstools/nut 2.4.3
networkupstools/nut 2.6.0 (2 CPE variants)
networkupstools/nut 2.6.0-1
networkupstools/nut 2.6.1
networkupstools/nut 2.6.1-1
networkupstools/nut 2.6.3-1
networkupstools/nut < 2.6.3-3
Published Jun 01, 2012
Tracked Since Feb 18, 2026