CVE-2017-17514
CVE-2017-17514 is a high-severity vulnerability rated 8.8/10 on the CVSS scale. boxes.c in nip2 8.4.0 does not validate strings before launching the program specified by the BROWSER environment variable, which might allow remote attackers to conduct argument-injection attacks via a crafted URL. NOTE: a software maintainer indicates that this product does not use the BROWSER environment variable. EPSS estimates a 1.69% chance of exploitation in the next 30 days.
Description
boxes.c in nip2 8.4.0 does not validate strings before launching the program specified by the BROWSER environment variable, which might allow remote attackers to conduct argument-injection attacks via a crafted URL. NOTE: a software maintainer indicates that this product does not use the BROWSER environment variable.
Metrics
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Weakness Enumeration
Affected Software
| Vendor | Product | Versions |
|---|---|---|
| Nip2 Project | Nip2 | 8.4.0 |
| Debian | Debian Linux | 7.0 |
| Debian | Debian Linux | 8.0 |
| Debian | Debian Linux | 9.0 |
| Debian | Debian Linux | 10.0 |
References
- https://github.com/jcupitt/nip2/issues/70 (Issue Tracking, Third Party Advisory)
- https://security-tracker.debian.org/tracker/CVE-2017-17514 (Issue Tracking, Third Party Advisory)
Timeline
- Published
- Last Modified
- Status
- Modified
Source: NVD / NIST
