CVE Vulnerabilities

CVE-2016-1895

Use of Externally-Controlled Format String

Published: Sep 01, 2017 | Modified: Apr 20, 2025
CVSS 3.x: 6.5 MEDIUM (Source: NVD)
Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
CVSS 2.x: 4 MEDIUM
Vector: AV:N/AC:L/Au:S/C:N/I:N/A:P

NetApp Data ONTAP before 8.2.5 and 8.3.x before 8.3.2P12 allows remote authenticated users to cause a denial of service via vectors related to unsafe user input string handling.

Weakness

The product uses a function that accepts a format string as an argument, but the format string originates from an external source.

Affected Software

Name         Vendor   Start Version          End Version
Data_ontap   Netapp   *                      8.2.4 (including)
Data_ontap   Netapp   8.3.2p12 (including)   8.3.2p12 (including)
Data_ontap   Netapp   9.0 (including)        9.0 (including)
