CVSS2
Attack Vector
NETWORK
Attack Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
COMPLETE
Integrity Impact
COMPLETE
Availability Impact
COMPLETE
AV:N/AC:M/Au:N/C:C/I:C/A:C
EPSS
Percentile
97.3%
Secunia reports:
A vulnerability has been discovered in PLIB, which can be
exploited by malicious people to compromise an application using
the library.
The vulnerability is caused due to a boundary error within the
“ulSetError()” function (src/util/ulError.cxx) when creating the
error message, which can be exploited to overflow a static
buffer.
Successful exploitation allows the execution of arbitrary code
but requires that the attacker can e.g. control the content of
an overly long error message passed to the “ulSetError()”
function.
The vulnerability is confirmed in version 1.8.5. Other versions
may also be affected.