Use of Externally-Controlled Format String

CVE-2006-2409

Medium

4.6/10

Summary

Format string vulnerability in the raydium_log function in console.c in Raydium before SVN revision 310 allows local users to execute arbitrary code via format string specifiers in the format parameter, which are not properly handled in a call to raydium_console_line_add.

Access Complexity: LOW
AccessVector: LOCAL
Authentication: NONE
Integrity Impact: PARTIAL
Confidentiality Impact: PARTIAL
Availability Impact: PARTIAL

CWE-134 - Use of Externally-Controlled Format String

The software uses a function that accepts a format string as an argument, but the format string originates from an external source.

References

Advisory Timeline

Published May 16, 2006

Use of Externally-Controlled Format String

CVE-2006-2409

Summary

CWE-134 - Use of Externally-Controlled Format String

References

Advisory Timeline

ChainJacking

JetBrains IDE

KICS SaaS