Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
N/A
Vulnerability Description
The printf wrappers in libsafe 2.0-11 and earlier do not properly handle argument indexing specifiers, which could allow attackers to exploit certain function calls through arguments that are not verified by libsafe.
CVSS Information
N/A
Vulnerability Type
N/A
Vulnerability Title
Libsafe格式串参数数目检查可绕过漏洞
Vulnerability Description
Libsafe是免费开放源代码设计用于保护缓冲溢出和格式化串攻击的程序,由Avaya Labs开发维护,运行在Linux系统下。 Libsafe对部分C库格式标识不能正确解析,可导致格式字符串攻击可绕过。 Libsafe对C库中的格式标识"%2$n"没有进行正确的解析,当此格式标识"%2$n"使用两个参数的时候,第一个参数的格式化串将被Libsafe检查,而第二个参数的格式化串没有被Libsafe检查,因此攻击者可以第二个格式化串不检查漏洞进行攻击而绕过Libsafe的保护。
CVSS Information
N/A
Vulnerability Type
N/A