CVE-2013-2131

Rrdtool - Format String Vulnerability

Title source: rule

Description

Format string vulnerability in the rrdtool module 1.4.7 for Python, as used in Zenoss, allows context-dependent attackers to cause a denial of service (crash) via format string specifiers to the rrdtool.graph function.

Exploits (1)

exploitdb WORKING POC VERIFIED

by Thomas Pollet · cremotemultiple

https://www.exploit-db.com/exploits/38521

View Code ZIP pw:eip

References (6)

[Issue Tracking] https://bugzilla.redhat.com/show_bug.cgi?id=969296

[Issue Tracking] https://github.com/oetiker/rrdtool-1.x/issues/396

[Issue Tracking] https://github.com/oetiker/rrdtool-1.x/pull/397

[Mailing List] http://www.openwall.com/lists/oss-security/2013/04/18/5

[Mailing List] http://www.openwall.com/lists/oss-security/2013/05/19/5

[Mailing List] http://www.openwall.com/lists/oss-security/2013/05/31/2

Scores

EPSS 0.1287

EPSS Percentile 94.1%

Details

CWE

CWE-134

Status published

Products (1)

rrdtool_project/rrdtool 1.4.7

Published Jan 04, 2015

Tracked Since Feb 18, 2026