Related vulnerabilities
GSD-2007-6183
Vulnerability from gsd - Updated: 2007-11-27 00:00
Details
Format string vulnerability in the mdiag_initialize function in gtk/src/rbgtkmessagedialog.c in Ruby-GNOME 2 (aka Ruby/Gnome2) 0.16.0, and SVN versions before 20071127, allows context-dependent attackers to execute arbitrary code via format string specifiers in the message parameter.
{
"GSD": {
"alias": "CVE-2007-6183",
"description": "Format string vulnerability in the mdiag_initialize function in gtk/src/rbgtkmessagedialog.c in Ruby-GNOME 2 (aka Ruby/Gnome2) 0.16.0, and SVN versions before 20071127, allows context-dependent attackers to execute arbitrary code via format string specifiers in the message parameter.",
"id": "GSD-2007-6183",
"references": [
"https://www.debian.org/security/2007/dsa-1431"
]
},
"gsd": {
"metadata": {
"exploitCode": "unknown",
"remediation": "unknown",
"reportConfidence": "confirmed",
"type": "vulnerability"
},
"osvSchema": {
"affected": [
{
"package": {
"ecosystem": "RubyGems",
"name": "gtk2",
"purl": "pkg:gem/gtk2"
}
}
],
"aliases": [
"CVE-2007-6183",
"OSVDB-40774"
],
"details": "Format string vulnerability in the mdiag_initialize function in gtk/src/rbgtkmessagedialog.c in Ruby-GNOME 2 (aka Ruby/Gnome2) 0.16.0, and SVN versions before 20071127, allows context-dependent attackers to execute arbitrary code via format string specifiers in the message parameter.",
"id": "GSD-2007-6183",
"modified": "2007-11-27T00:00:00.000Z",
"published": "2007-11-27T00:00:00.000Z",
"references": [
{
"type": "WEB",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2007-6183"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": 6.8,
"type": "CVSS_V2"
}
],
"summary": "CVE-2007-6183 ruby-gnome2: format string vulnerability"
}
},
"namespaces": {
"cve.org": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2007-6183",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Format string vulnerability in the mdiag_initialize function in gtk/src/rbgtkmessagedialog.c in Ruby-GNOME 2 (aka Ruby/Gnome2) 0.16.0, and SVN versions before 20071127, allows context-dependent attackers to execute arbitrary code via format string specifiers in the message parameter."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "GLSA-200712-09",
"refsource": "GENTOO",
"url": "http://security.gentoo.org/glsa/glsa-200712-09.xml"
},
{
"name": "27825",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/27825"
},
{
"name": "http://ruby-gnome2.svn.sourceforge.net/viewvc/ruby-gnome2/ruby-gnome2/trunk/gtk/src/rbgtkmessagedialog.c?view=log",
"refsource": "CONFIRM",
"url": "http://ruby-gnome2.svn.sourceforge.net/viewvc/ruby-gnome2/ruby-gnome2/trunk/gtk/src/rbgtkmessagedialog.c?view=log"
},
{
"name": "28022",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/28022"
},
{
"name": "26616",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/26616"
},
{
"name": "20071127 Ruby/Gnome2 0.16.0 Format String Vulnerability",
"refsource": "BUGTRAQ",
"url": "http://www.securityfocus.com/archive/1/484240/100/0/threaded"
},
{
"name": "FEDORA-2007-4216",
"refsource": "FEDORA",
"url": "https://www.redhat.com/archives/fedora-package-announce/2007-December/msg00214.html"
},
{
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=402871",
"refsource": "MISC",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=402871"
},
{
"name": "3407",
"refsource": "SREASON",
"url": "http://securityreason.com/securityalert/3407"
},
{
"name": "ADV-2007-4022",
"refsource": "VUPEN",
"url": "http://www.vupen.com/english/advisories/2007/4022"
},
{
"name": "FEDORA-2007-4229",
"refsource": "FEDORA",
"url": "https://www.redhat.com/archives/fedora-package-announce/2007-December/msg00251.html"
},
{
"name": "27975",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/27975"
},
{
"name": "http://bugs.gentoo.org/show_bug.cgi?id=200623",
"refsource": "CONFIRM",
"url": "http://bugs.gentoo.org/show_bug.cgi?id=200623"
},
{
"name": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=453689",
"refsource": "CONFIRM",
"url": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=453689"
},
{
"name": "28060",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/28060"
},
{
"name": "40774",
"refsource": "OSVDB",
"url": "http://osvdb.org/40774"
},
{
"name": "DSA-1431",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2007/dsa-1431"
},
{
"name": "http://em386.blogspot.com/2007/11/your-favorite-better-than-c-scripting.html",
"refsource": "MISC",
"url": "http://em386.blogspot.com/2007/11/your-favorite-better-than-c-scripting.html"
},
{
"name": "MDVSA-2008:033",
"refsource": "MANDRIVA",
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2008:033"
},
{
"name": "rubygnome2-mdiaginitialize-format-string(38757)",
"refsource": "XF",
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/38757"
}
]
}
},
"github.com/rubysec/ruby-advisory-db": {
"cve": "2007-6183",
"cvss_v2": 6.8,
"date": "2007-11-27",
"description": "Format string vulnerability in the mdiag_initialize function in gtk/src/rbgtkmessagedialog.c in Ruby-GNOME 2 (aka Ruby/Gnome2) 0.16.0, and SVN versions before 20071127, allows context-dependent attackers to execute arbitrary code via format string specifiers in the message parameter.",
"gem": "gtk2",
"osvdb": 40774,
"patched_versions": [
"\u003e 0.16.0"
],
"title": "CVE-2007-6183 ruby-gnome2: format string vulnerability",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2007-6183"
},
"gitlab.com": {
"advisories": [
{
"affected_range": "=0.16.0",
"affected_versions": "Version 0.16.0",
"cvss_v2": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"cwe_ids": [
"CWE-1035",
"CWE-134",
"CWE-937"
],
"date": "2018-10-15",
"description": "Format string vulnerability in the mdiag_initialize function in gtk/src/rbgtkmessagedialog.c in Ruby-GNOME 2 (aka Ruby/Gnome2), and SVN, allows context-dependent attackers to execute arbitrary code via format string specifiers in the message parameter.",
"fixed_versions": [
"0.20.0"
],
"identifier": "CVE-2007-6183",
"identifiers": [
"CVE-2007-6183"
],
"not_impacted": "All versions before 0.16.0, all versions after 0.16.0",
"package_slug": "gem/gtk2",
"pubdate": "2007-11-30",
"solution": "Upgrade to version 0.20.0 or above.",
"title": "Use of Externally-Controlled Format String",
"urls": [
"https://nvd.nist.gov/vuln/detail/CVE-2007-6183"
],
"uuid": "e9dd4902-6bde-434b-8d8c-89923a9f3146"
}
]
},
"nvd.nist.gov": {
"configurations": {
"CVE_data_version": "4.0",
"nodes": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:ruby_gnome2:ruby_gnome2:0.16.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
}
]
},
"cve": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2007-6183"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "en",
"value": "Format string vulnerability in the mdiag_initialize function in gtk/src/rbgtkmessagedialog.c in Ruby-GNOME 2 (aka Ruby/Gnome2) 0.16.0, and SVN versions before 20071127, allows context-dependent attackers to execute arbitrary code via format string specifiers in the message parameter."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "en",
"value": "CWE-134"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://ruby-gnome2.svn.sourceforge.net/viewvc/ruby-gnome2/ruby-gnome2/trunk/gtk/src/rbgtkmessagedialog.c?view=log",
"refsource": "CONFIRM",
"tags": [
"Exploit"
],
"url": "http://ruby-gnome2.svn.sourceforge.net/viewvc/ruby-gnome2/ruby-gnome2/trunk/gtk/src/rbgtkmessagedialog.c?view=log"
},
{
"name": "http://em386.blogspot.com/2007/11/your-favorite-better-than-c-scripting.html",
"refsource": "MISC",
"tags": [],
"url": "http://em386.blogspot.com/2007/11/your-favorite-better-than-c-scripting.html"
},
{
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=402871",
"refsource": "MISC",
"tags": [],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=402871"
},
{
"name": "http://bugs.gentoo.org/show_bug.cgi?id=200623",
"refsource": "CONFIRM",
"tags": [],
"url": "http://bugs.gentoo.org/show_bug.cgi?id=200623"
},
{
"name": "FEDORA-2007-4216",
"refsource": "FEDORA",
"tags": [],
"url": "https://www.redhat.com/archives/fedora-package-announce/2007-December/msg00214.html"
},
{
"name": "FEDORA-2007-4229",
"refsource": "FEDORA",
"tags": [],
"url": "https://www.redhat.com/archives/fedora-package-announce/2007-December/msg00251.html"
},
{
"name": "GLSA-200712-09",
"refsource": "GENTOO",
"tags": [],
"url": "http://security.gentoo.org/glsa/glsa-200712-09.xml"
},
{
"name": "26616",
"refsource": "BID",
"tags": [],
"url": "http://www.securityfocus.com/bid/26616"
},
{
"name": "27825",
"refsource": "SECUNIA",
"tags": [],
"url": "http://secunia.com/advisories/27825"
},
{
"name": "27975",
"refsource": "SECUNIA",
"tags": [],
"url": "http://secunia.com/advisories/27975"
},
{
"name": "28022",
"refsource": "SECUNIA",
"tags": [],
"url": "http://secunia.com/advisories/28022"
},
{
"name": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=453689",
"refsource": "CONFIRM",
"tags": [],
"url": "http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=453689"
},
{
"name": "DSA-1431",
"refsource": "DEBIAN",
"tags": [],
"url": "http://www.debian.org/security/2007/dsa-1431"
},
{
"name": "28060",
"refsource": "SECUNIA",
"tags": [],
"url": "http://secunia.com/advisories/28060"
},
{
"name": "MDVSA-2008:033",
"refsource": "MANDRIVA",
"tags": [],
"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2008:033"
},
{
"name": "3407",
"refsource": "SREASON",
"tags": [],
"url": "http://securityreason.com/securityalert/3407"
},
{
"name": "40774",
"refsource": "OSVDB",
"tags": [],
"url": "http://osvdb.org/40774"
},
{
"name": "ADV-2007-4022",
"refsource": "VUPEN",
"tags": [],
"url": "http://www.vupen.com/english/advisories/2007/4022"
},
{
"name": "rubygnome2-mdiaginitialize-format-string(38757)",
"refsource": "XF",
"tags": [],
"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/38757"
},
{
"name": "20071127 Ruby/Gnome2 0.16.0 Format String Vulnerability",
"refsource": "BUGTRAQ",
"tags": [],
"url": "http://www.securityfocus.com/archive/1/484240/100/0/threaded"
}
]
}
},
"impact": {
"baseMetricV2": {
"cvssV2": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 6.8,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "MEDIUM",
"userInteractionRequired": false
}
},
"lastModifiedDate": "2018-10-15T21:50Z",
"publishedDate": "2007-11-30T00:46Z"
}
}
}