CyberSec.Space Logo
Back to CVE Browser

CVE-2004-1214

CRITICAL
10.0
CVSS Severity Score
EPSS Score0.1230%
EPSS Percentile5.99th
PublishedJan 10, 2005
Last ModifiedApr 16, 2026

Vulnerability Description

Format string vulnerability in Kreed 1.05 and earlier allows remote attackers to execute arbitrary code via format specifiers in (1) a nickname or (2) message text.

Affected Platforms (CPE)

πŸ“¦
Burut

Kreed

= 1.5

References & Advisories

πŸ”— http://marc.info/?l=bugtraq&m=110201776207915&w=2
πŸ”— http://www.securityfocus.com/bid/11799
πŸ”— https://exchange.xforce.ibmcloud.com/vulnerabilities/18343
πŸ”— http://marc.info/?l=bugtraq&m=110201776207915&w=2
πŸ”— http://www.securityfocus.com/bid/11799
πŸ”— https://exchange.xforce.ibmcloud.com/vulnerabilities/18343

Related Vulnerabilities

CVE-2004-12155.0

Kreed 1.05 and earlier allows remote attackers to cause a denial of service (server disconnect) via a long UDP packet, which cause...

CVE-2004-12165.0

The scripts that handle players in Kreed 1.05 and earlier allow remote attackers to cause a denial of service (server freeze) via ...

CVE-2004-041810.0

serve_notify in CVS 1.12.x through 1.12.8, and 1.11.x through 1.11.16, does not properly handle empty data lines, which may allow ...

CVE-2004-129010.0

Buffer overflow in the process_moves function in pgn2web.c for pgn2web 0.3 allows remote attackers to execute arbitrary code via a...