PT-2004-1508 · Gnu · Gnu Anubis

Ulf Harnhammar · Published 2004-03-18 · Updated 2017-07-11 · CVE-2004-0354

CVSS v2.0: 10 (High)
Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C

Name of the Vulnerable Software and Affected Versions
GNU Anubis versions 3.6.0 through 3.6.2
GNU Anubis versions 3.9.92 and 3.9.93

Description
The issue allows remote attackers to execute arbitrary code via format string specifiers in strings passed to certain functions. Specifically, the info function in log.c, the anubis_error function in errs.c, and the ssl_error function in ssl.c are vulnerable.

Recommendations
For GNU Anubis versions 3.6.0 through 3.6.2 and versions 3.9.92 and 3.9.93, update to a version outside the affected ranges to mitigate the risk. As a temporary workaround, consider restricting input to the info, anubis_error, and ssl_error functions to minimize the risk of exploitation.
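
The pattern behind the Description and the two remedies in the Recommendations, as an added C example that is not GNU Anubis code: `legacy_log`, `log_fixed`, `escape_percent` and `log_workaround` are hypothetical names, and the probe string is constructed.

```c
#include <stdarg.h>
#include <stdio.h>
#include <string.h>

static char last_line[256]; /* stand-in log sink (hypothetical) */

/* Legacy-style logger: its first argument is a printf format, so
   untrusted text must never be passed in that position. */
static void legacy_log(const char *fmt, ...) {
    va_list ap;
    va_start(ap, fmt);
    vsnprintf(last_line, sizeof last_line, fmt, ap);
    va_end(ap);
}

/* Fix: constant format; untrusted text is only ever an argument. */
const char *log_fixed(const char *untrusted) {
    legacy_log("%s", untrusted);
    return last_line;
}

/* Workaround: double every '%' so no conversion specifier survives.
   Returns -1 if the result does not fit, so nothing truncated is logged. */
int escape_percent(const char *in, char *out, size_t outsz) {
    size_t o = 0;
    for (; *in; in++) {
        size_t need = (*in == '%') ? 2 : 1;
        if (o + need >= outsz)
            return -1;
        if (*in == '%')
            out[o++] = '%';
        out[o++] = *in;
    }
    out[o] = '\0';
    return 0;
}

const char *log_workaround(const char *untrusted) {
    char safe[256];
    if (escape_percent(untrusted, safe, sizeof safe) != 0)
        return NULL; /* drop oversized input instead of logging it */
    legacy_log(safe);
    return last_line;
}

int main(void) {
    const char *probe = "550 %x%x %n rejected"; /* constructed input */
    puts(log_fixed(probe));
    puts(log_workaround(probe));
    return 0;
}
```

Both paths log the probe byte for byte; the constant-format version is the durable fix, and escaping is only for call sites that cannot be changed yet.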


Related identifiers

CVE-2004-0354

Affected products

Gnu Anubis