VDB
CVE-2012-2369
CVE-2012-2369
PUBLISHED
CVSS 7.5 HIGH
Format string vulnerability in the log_message_cb function in otr-plugin.c in the Off-the-Record Messaging (OTR) pidgin-otr plugin before 3.2.1 for Pidgin might allow remote attackers to execute arbitrary code via format string specifiers in data that generates a log message.
EPSS 2.03% · 84.1th percentile
Risk Scores
CVSS 2.0
7.5
EPSS Score
2.03%
84.1th percentile
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| cypherpunks | pidgin-otr | 0 |
| n/a | n/a | n/a |
Timeline
- May 23, 2012 CVE Published
- Feb 4, 2022 EPSS Score
- Mar 29, 2022 EPSS Score
- May 14, 2022 CVE Updated
- May 20, 2022 EPSS Score
- Jul 12, 2022 EPSS Score
- Oct 26, 2022 EPSS Score
- Dec 18, 2022 EPSS Score
- Feb 9, 2023 EPSS Score
- Mar 7, 2023 EPSS Score
- Apr 2, 2023 EPSS Score
- May 25, 2023 EPSS Score
References
- GLSA-201207-05 vendor-advisory
- SUSE-SU-2012:0703 vendor-advisory
- DSA-2476 vendor-advisory
- [oss-security] 20120516 Format string security flaw in pidgin-otr mailing-list
- https://nvd.nist.gov/vuln/detail/CVE-2012-2369 advisory