Format String Vulnerability in libsafe by ISS
CVE-2002-0175

Currently unrated

Key Information:

Vendor: Avaya
Status: Libsafe
Vendor: CVE Published:; 22 April 2002

Summary

libsafe versions 2.0-11 and earlier are susceptible to a security flaw that enables attackers to circumvent format string protections. This vulnerability arises from specific format strings that use the characters "'" and "I", which are recognized by libc but omitted in libsafe. As a result, this oversight allows malicious actors to exploit applications that rely on libsafe for protection against format string vulnerabilities. Proper awareness and timely updates are crucial to mitigate these risks.

References

http://www.iss.net/security_center/static/8593.php

vdb-entryx_refsource_XF

http://archives.neohapsis.com/archives/vulnwatch/2002-q1/...

mailing-listx_refsource_VULNWATCH

http://online.securityfocus.com/archive/1/263121

mailing-listx_refsource_BUGTRAQ

Timeline

Vulnerability published
Apr 22, 2002
Vulnerability Reserved
Apr 15, 2002