Description
Buffer overflow in the addchar function in common/parseconf.c in upsd in Network UPS Tools (NUT) before 2.6.4 allows remote attackers to execute arbitrary code or cause a denial of service (electric-power outage) via a long string containing non-printable characters.
References (11)
Core 11
Core References
Third Party Advisory, VDB Entry vdb-entry
x_refsource_xf
https://exchange.xforce.ibmcloud.com/vulnerabilities/75980
Third Party Advisory vendor-advisory
x_refsource_debian
http://www.debian.org/security/2012/dsa-2484
Exploit x_refsource_confirm
http://alioth.debian.org/tracker/?func=detail&aid=313636
Vendor Advisory vendor-advisory
x_refsource_mandriva
http://www.mandriva.com/security/advisories?name=MDVSA-2012:087
Third Party Advisory third-party-advisory
x_refsource_secunia
http://secunia.com/advisories/50389
Various Sources x_refsource_confirm
http://trac.networkupstools.org/projects/nut/changeset/3633
Various Sources vendor-advisory
x_refsource_suse
https://hermes.opensuse.org/messages/15514634
Vendor Advisory third-party-advisory
x_refsource_secunia
http://secunia.com/advisories/49348
Various Sources x_refsource_confirm
http://networkupstools.org/docs/user-manual.chunked/apis01.html
Third Party Advisory, VDB Entry vdb-entry
x_refsource_bid
http://www.securityfocus.com/bid/53743
Third Party Advisory, VDB Entry vdb-entry
x_refsource_osvdb
http://www.osvdb.org/82409
Scores
EPSS
0.0624
EPSS Percentile
92.7%
Details
CWE
CWE-119
Status
published
Products (8)
networkupstools/nut
2.4.2
networkupstools/nut
2.4.3
networkupstools/nut
2.6.0 (2 CPE variants)
networkupstools/nut
2.6.0-1
networkupstools/nut
2.6.1
networkupstools/nut
2.6.1-1
networkupstools/nut
2.6.3-1
networkupstools/nut
< 2.6.3-3
Published
Jun 01, 2012
Tracked Since
Feb 18, 2026