Double free vulnerability in the prepare_exec function in src/exec.c in Logsurfer 1.5b and earlier, and Logsurfer+ 1.7 and earlier, allows remote attackers to execute arbitrary commands via crafted strings in a log file.
Name | Vendor | Start Version | End Version |
---|---|---|---|
Logsurfer | Drusus | * | 1.5b (including) |
Logsurfer | Drusus | 1.1 (including) | 1.1 (including) |
Logsurfer | Drusus | 1.2 (including) | 1.2 (including) |
Logsurfer | Drusus | 1.3 (including) | 1.3 (including) |
Logsurfer | Drusus | 1.4 (including) | 1.4 (including) |
Logsurfer | Drusus | 1.5 (including) | 1.5 (including) |
Logsurfer | Drusus | 1.5-beta (including) | 1.5-beta (including) |
Logsurfer | Drusus | 1.5-beta2 (including) | 1.5-beta2 (including) |
Logsurfer | Drusus | 1.5a (including) | 1.5a (including) |
Logsurfer | Drusus | 1.41 (including) | 1.41 (including) |