CyberSec.Space Logo
Back to CVE Browser

CVE-2019-6991

CRITICAL
9.8
CVSS Severity Score
EPSS Score0.1230%
EPSS Percentile40.81th
PublishedJan 28, 2019
Last ModifiedNov 21, 2024

Vulnerability Description

A classic Stack-based buffer overflow exists in the zmLoadUser() function in zm_user.cpp of the zmu binary in ZoneMinder through 1.32.3, allowing an unauthenticated attacker to execute code via a long username.

Affected Platforms (CPE)

πŸ“¦
Zoneminder

Zoneminder

<= 1.32.3

References & Advisories

πŸ”— https://github.com/ZoneMinder/zoneminder/issues/2478
πŸ”— https://github.com/ZoneMinder/zoneminder/pull/2482
πŸ”— https://github.com/ZoneMinder/zoneminder/issues/2478
πŸ”— https://github.com/ZoneMinder/zoneminder/pull/2482

Related Vulnerabilities

CVE-2008-388210.0

Unspecified "Command Injection" vulnerability in ZoneMinder 1.23.3 and earlier allows remote attackers to execute arbitrary comman...

CVE-2018-10008329.8

ZoneMinder version <= 1.32.2 contains a Other/Unknown vulnerability in User-controlled parameter that can result in Disclosure of ...

CVE-2018-10008339.8

ZoneMinder version <= 1.32.2 contains a Other/Unknown vulnerability in User-controlled parameter that can result in Disclosure of ...

CVE-2019-84239.8

ZoneMinder through 1.32.3 has SQL Injection via the skins/classic/views/events.php filter[Query][terms][0][cnj] parameter.