CVE-2013-2131

Format string vulnerability in the rrdtool module 1.4.7 for Python, as used in Zenoss, allows context-dependent attackers to cause a denial of service (crash) via format string specifiers to the rrdtool.graph function.

Weakness

The product uses a function that accepts a format string as an argument, but the format string originates from an external source.

Affected Software

Name	Vendor	Start Version	End Version
Rrdtool	Rrdtool_project	1.4.7 (including)	1.4.7 (including)
Rrdtool	Ubuntu	artful	*
Rrdtool	Ubuntu	bionic	*
Rrdtool	Ubuntu	cosmic	*
Rrdtool	Ubuntu	devel	*
Rrdtool	Ubuntu	disco	*
Rrdtool	Ubuntu	eoan	*
Rrdtool	Ubuntu	esm-infra-legacy/trusty	*
Rrdtool	Ubuntu	esm-infra/bionic	*
Rrdtool	Ubuntu	esm-infra/focal	*
Rrdtool	Ubuntu	esm-infra/xenial	*
Rrdtool	Ubuntu	focal	*
Rrdtool	Ubuntu	groovy	*
Rrdtool	Ubuntu	hirsute	*
Rrdtool	Ubuntu	impish	*
Rrdtool	Ubuntu	jammy	*
Rrdtool	Ubuntu	kinetic	*
Rrdtool	Ubuntu	lucid	*
Rrdtool	Ubuntu	lunar	*
Rrdtool	Ubuntu	mantic	*
Rrdtool	Ubuntu	noble	*
Rrdtool	Ubuntu	oracular	*
Rrdtool	Ubuntu	plucky	*
Rrdtool	Ubuntu	precise	*
Rrdtool	Ubuntu	precise/esm	*
Rrdtool	Ubuntu	quantal	*
Rrdtool	Ubuntu	questing	*
Rrdtool	Ubuntu	raring	*
Rrdtool	Ubuntu	saucy	*
Rrdtool	Ubuntu	trusty	*
Rrdtool	Ubuntu	trusty/esm	*
Rrdtool	Ubuntu	upstream	*
Rrdtool	Ubuntu	utopic	*
Rrdtool	Ubuntu	vivid	*
Rrdtool	Ubuntu	wily	*
Rrdtool	Ubuntu	xenial	*
Rrdtool	Ubuntu	yakkety	*
Rrdtool	Ubuntu	zesty	*

NVD	https://nvd.nist.gov/vuln/detail/CVE-2013-2131
CWE	https://cwe.mitre.org/data/definitions/134.html

Use of Externally-Controlled Format String

Weakness

Affected Software

Potential Mitigations

References

CVE-2013-2131

Use of Externally-Controlled Format String

Weakness

Affected Software

Potential Mitigations

Related Attack Patterns

References