CVE-2004-2386

Critical

Description

Format string vulnerability in the LogMsg function in sercd before 2.3.1 and sredird 2.2.1 and earlier allows remote attackers to execute arbitrary code via format string specifiers passed from the HandleCPCCommand function.

References

https://exchange.xforce.ibmcloud.com/vulnerabilities/17056

http://www.securityfocus.com/bid/11031

http://www.securityfocus.com/bid/11002

http://www.osvdb.org/9104

http://www.osvdb.org/8375

http://securitytracker.com/id?1011038

http://secunia.com/advisories/12351

http://cvs.lysator.liu.se/viewcvs/viewcvs.cgi/sercd/sercd.c?root=sercd

Details

Source: Mitre, NVD

Published: 2004-12-31

Updated: 2026-06-16

Risk Information

CVSS v2

Base Score: 7.5

Vector: CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P

Severity: High

CVSS v3

Base Score: 9.8

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Severity: Critical

EPSS

EPSS: 0.03829