CVE-2015-4067

Dell NetVault Backup - Remote Code Execution via Crafted Template String Specifiers

Title source: llm
STIX 2.1

Description

Integer overflow in the libnv6 module in Dell NetVault Backup before 10.0.5 allows remote attackers to execute arbitrary code via crafted template string specifiers in a serialized object, which triggers a heap-based buffer overflow.

References (2)

Core 2
Core References
Third Party Advisory x_refsource_misc
http://www.zerodayinitiative.com/advisories/ZDI-15-240/
Third Party Advisory, VDB Entry vdb-entry x_refsource_bid
http://www.securityfocus.com/bid/74841

Scores

EPSS 0.1081
EPSS Percentile 93.5%

Details

CWE
CWE-189
Status published
Products (1)
dell/netvault_backup 10.0.5
Published May 29, 2015
Tracked Since Feb 18, 2026