CVE-2017-14500

Published Sep 17, 2017

Last updated 4 years ago

CVSS high 8.8

Overview

Description: Improper Neutralization of Special Elements used in an OS Command in the podcast playback function of Podbeuter in Newsbeuter 0.3 through 2.9 allows remote attackers to perform user-assisted code execution by crafting an RSS item with a media enclosure (i.e., a podcast file) that includes shell metacharacters in its filename, related to pb_controller.cpp and queueloader.cpp, a different vulnerability than CVE-2017-12904.
Source: cve@mitre.org
NVD status: Modified

Risk scores

CVSS 3.0

Type: Primary
Base score: 8.8
Impact score: 5.9
Exploitability score: 2.8
Vector string: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Severity: HIGH

CVSS 2.0

Type: Primary
Base score: 6.8
Impact score: 6.4
Exploitability score: 8.6
Vector string: AV:N/AC:M/Au:N/C:P/I:P/A:P

Weaknesses

nvd@nist.gov: CWE-78

Hype score: Not currently trending

Configurations

[
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:a:newsbeuter:newsbeuter:0.3:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "4AF4978C-4EBF-41ED-962F-0890E5BDC071"
          },
          {
            "criteria": "cpe:2.3:a:newsbeuter:newsbeuter:0.4:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "DCDA3939-74B1-4A44-955D-1BA1D2A23C0F"
          },
          {
            "criteria": "cpe:2.3:a:newsbeuter:newsbeuter:0.5:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "B242B9F1-3B5B-41EE-8CFF-BCC3008B785A"
          },
          {
            "criteria": "cpe:2.3:a:newsbeuter:newsbeuter:0.6:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "733B891C-63E6-45A2-AE6D-32A4C860A07D"
          },
          {
            "criteria": "cpe:2.3:a:newsbeuter:newsbeuter:0.7:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "684B7199-9344-4DBA-90AD-DEDEC056F213"
          },
          {
            "criteria": "cpe:2.3:a:newsbeuter:newsbeuter:0.8:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "45CD698E-70A1-43A0-B828-3DBD519DDDF9"
          },
          {
            "criteria": "cpe:2.3:a:newsbeuter:newsbeuter:0.8.1:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "379E21B5-D427-45EC-B674-9BCC8A47CA76"
          },
          {
            "criteria": "cpe:2.3:a:newsbeuter:newsbeuter:0.8.2:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "EB0B1B93-8E8C-4A77-98F8-CE5BFED550DF"
          },
          {
            "criteria": "cpe:2.3:a:newsbeuter:newsbeuter:0.9:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "1C907407-E178-43BF-A433-9BC73EB7FD5F"
          },
          {
            "criteria": "cpe:2.3:a:newsbeuter:newsbeuter:0.9.1:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "DB3A20C1-1FB7-43C8-A78E-FBEBB4E888AF"
          },
          {
            "criteria": "cpe:2.3:a:newsbeuter:newsbeuter:1.0:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "A3F963DE-447B-4D6C-A508-C4449C67F1C8"
          },
          {
            "criteria": "cpe:2.3:a:newsbeuter:newsbeuter:1.1:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "B7BAF663-30D1-4584-A0B0-CF02D2646877"
          },
          {
            "criteria": "cpe:2.3:a:newsbeuter:newsbeuter:1.2:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "50AD4B86-FED2-4469-BBD7-B698A7C1B4AE"
          },
          {
            "criteria": "cpe:2.3:a:newsbeuter:newsbeuter:1.3:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "62E8E19D-024A-4F73-B66F-87741325BC35"
          },
          {
            "criteria": "cpe:2.3:a:newsbeuter:newsbeuter:2.0:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "5A34C699-1E62-4A54-B929-0C187299ABD8"
          },
          {
            "criteria": "cpe:2.3:a:newsbeuter:newsbeuter:2.1:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "F5E5E120-42BD-4846-9C6B-D51804C902A1"
          },
          {
            "criteria": "cpe:2.3:a:newsbeuter:newsbeuter:2.2:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "BFC168D9-75AB-43DD-A1F6-103F14AD9995"
          },
          {
            "criteria": "cpe:2.3:a:newsbeuter:newsbeuter:2.3:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "9FA4C1C6-33AD-420C-ABA3-F7254A51BDDC"
          },
          {
            "criteria": "cpe:2.3:a:newsbeuter:newsbeuter:2.4:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "2EC3FE66-8689-4F61-9035-00DAD02A1527"
          },
          {
            "criteria": "cpe:2.3:a:newsbeuter:newsbeuter:2.5:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "0FADF671-B5B0-4634-AA18-15551363293B"
          },
          {
            "criteria": "cpe:2.3:a:newsbeuter:newsbeuter:2.6:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "8E8DC0AC-DA20-4A93-9561-C2D906D0D1CD"
          },
          {
            "criteria": "cpe:2.3:a:newsbeuter:newsbeuter:2.7:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "DD6A06A3-2A06-4DDC-851A-6B27B7BB7F24"
          },
          {
            "criteria": "cpe:2.3:a:newsbeuter:newsbeuter:2.8:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "A5CDB422-35D4-42E5-A897-3C12C6E16E51"
          },
          {
            "criteria": "cpe:2.3:a:newsbeuter:newsbeuter:2.9:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "8ECF398D-94EA-4628-99A2-35B698579B96"
          }
        ],
        "operator": "OR"
      }
    ]
  }
]

Overview

Risk scores

CVSS 3.0

CVSS 2.0

Weaknesses

Social media

Configurations

References