VDB
CVE-2007-4644
CVE-2007-4644
PUBLISHED
CVSS 7.5 HIGH
Format string vulnerability in the Cl_GetPackets function in cl_main.c in the client in Doomsday (aka deng) 1.9.0-beta5.1 and earlier allows remote Doomsday servers to execute arbitrary code via format string specifiers in a PSV_CONSOLE_TEXT message.
EPSS 1.87% · 83.5th percentile
Risk Scores
CVSS 2.0
7.5
EPSS Score
1.87%
83.5th percentile
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| n/a | n/a | n/a |
| doomsday | doomsday | 0 |
Timeline
- Aug 31, 2007 CVE Published
- Feb 4, 2022 EPSS Score
- Mar 29, 2022 EPSS Score
- May 20, 2022 EPSS Score
- Jul 12, 2022 EPSS Score
- Sep 4, 2022 EPSS Score
- Dec 18, 2022 EPSS Score
- Feb 9, 2023 EPSS Score
- Mar 7, 2023 EPSS Score
- Apr 3, 2023 EPSS Score
- May 25, 2023 EPSS Score
- Jul 17, 2023 EPSS Score
References
- 3084 third-party-advisory
- 28821 third-party-advisory
- http://bugs.gentoo.org/show_bug.cgi?id=190835 url
- 26524 third-party-advisory
- 20070829 Multiple vulnerabilities in Doomsday 1.9.0-beta5.1 mailing-list
- 25483 vdb
- GLSA-200802-02 vendor-advisory
- doomsday-clgetpackets-format-string(36337) vdb
- http://aluigi.org/poc/dumsdei.zip url
- https://nvd.nist.gov/vuln/detail/CVE-2007-4644 advisory