CVE Vulnerabilities

CVE-2003-1381

Use of Externally-Controlled Format String

Published: Dec 31, 2003 | Modified: Apr 03, 2025
CVSS 3.x
N/A
Source:
NVD
CVSS 2.x
6.8 MEDIUM
AV:N/AC:M/Au:N/C:P/I:P/A:P
RedHat/V2
RedHat/V3
Ubuntu

Format string vulnerability in AMX 0.9.2 and earlier, a plugin for Valve Softwares Half-Life Server, allows remote attackers to execute arbitrary commands via format string specifiers in the amx_say command.

Weakness

The product uses a function that accepts a format string as an argument, but the format string originates from an external source.

Affected Software

Name Vendor Start Version End Version
Amx_mod Amxmod.net 0.9.2 (including) 0.9.2 (including)

Potential Mitigations

References