CVSS: 4.6EPSS: 0%CPEs: 4EXPL: 2CVE-2013-4256
https://notcve.org/view.php?id=CVE-2013-4256
Multiple stack-based and heap-based buffer overflows in Network Audio System (NAS) 1.9.3 allow local users to cause a denial of service (crash) or possibly execute arbitrary code via the (1) display command argument to the ProcessCommandLine function in server/os/utils.c; (2) ResetHosts function in server/os/access.c; (3) open_unix_socket, (4) open_isc_local, (5) open_xsight_local, (6) open_att_local, or (7) open_att_svr4_local function in server/os/connection.c; the (8) AUDIOHOST environment variable to the CreateWellKnownSockets or (9) AmoebaTCPConnectorThread function in server/os/connection.c; or (10) unspecified vectors related to logging in the osLogMsg function in server/os/aulog.c. Múltiples desbordamientos de búffer basados en memoria dinámica y pila en Network Audio System (NAS) 1.9.3 permite a usuarios locales provocar una denegación de servicio (cierre) o posiblemente ejecutar código arbitrario a través de (1) mostrar argumentos de comando a la función ProcessCommandLine en server/os/utils.c; (2) función ResetHosts en server/os/access.c; (3) open_unix_socket, (4) open_isc_local, (5) open_xsight_local, (6) open_att_local, o (7) la función open_att_svr4_local en server/os/connection.c; la variable de entorno (8) AUDIOHOST a CreateWellKnownSockets o la función (9) AmoebaTCPConnectorThread en server/os/connection.c; o (10) vectores sin especificar relacionados con logging en la función en server/os/aulog.c. • http://radscan.com/pipermail/nas/2013-August/001270.html http://sourceforge.net/p/nas/code/288 http://www.debian.org/security/2013/dsa-2771 http://www.openwall.com/lists/oss-security/2013/08/16/2 http://www.openwall.com/lists/oss-security/2013/08/19/3 http://www.securityfocus.com/bid/61848 http://www.ubuntu.com/usn/USN-1986-1 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 7.5EPSS: 7%CPEs: 1EXPL: 1CVE-2013-4258
https://notcve.org/view.php?id=CVE-2013-4258
Format string vulnerability in the osLogMsg function in server/os/aulog.c in Network Audio System (NAS) 1.9.3 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via format string specifiers in unspecified vectors, related to syslog. Vulnerabilidad de cadena de formato en la función de osLogMsg en server/os/aulog.c de Network Audio System (NAS) 1.9.3 permite a atacantes remotos provocar una denegación de servicio (cuelgue) o posiblemente ejecutar código arbitrario a través de especificadores de cadenas de formato en vectores sin especificar, relacionados con syslog. • http://radscan.com/pipermail/nas/2013-August/001270.html http://radscan.com/pipermail/nas/2013-August/001277.html http://sourceforge.net/mailarchive/forum.php?thread_name=E1Rp1rP-00038Z-VJ%40sfp-svn-6.v30.ch3.sourceforge.com&forum_name=nas-commits http://www.debian.org/security/2013/dsa-2771 http://www.openwall.com/lists/oss-security/2013/08/16/2 http://www.openwall.com/lists/oss-security/2013/08/19/3 http://www.securityfocus.com/bid/61852 • CWE-134: Use of Externally-Controlled Format String •