CVE-2019-6991 Detail

Current Description

A classic Stack-based buffer overflow exists in the zmLoadUser() function in zm_user.cpp of the zmu binary in ZoneMinder through 1.32.3, allowing an unauthenticated attacker to execute code via a long username.

Severity



CVSS 3.x Severity and Metrics:

NIST: NVD
Base Score: 9.8 CRITICAL
Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

CVSS 2.0 Severity and Metrics:

NIST: NVD
Base Score: 7.5 HIGH
Vector: (AV:N/AC:L/Au:N/C:P/I:P/A:P)

Weakness Enumeration

CWE-ID: CWE-787
CWE Name: Out-of-bounds Write
Source: NIST


Change History

2 change records found

CWE Remap 8/24/2020 1:37:01 PM

| Action | Type | Old Value | New Value |
|---|---|---|---|
| Changed | CWE | CWE-119 | CWE-787 |

Initial Analysis 1/29/2019 11:44:01 AM

| Action | Type | Old Value | New Value |
|---|---|---|---|
| Added | CPE Configuration | | OR *cpe:2.3:a:zoneminder:zoneminder:*:*:*:*:*:*:*:* versions up to (including) 1.32.3 |
| Added | CVSS V2 | | (AV:N/AC:L/Au:N/C:P/I:P/A:P) |
| Added | CVSS V3 | | AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H |
| Added | CWE | | CWE-119 |
| Changed | Reference Type | https://github.com/ZoneMinder/zoneminder/issues/2478 No Types Assigned | https://github.com/ZoneMinder/zoneminder/issues/2478 Exploit, Issue Tracking, Third Party Advisory |
| Changed | Reference Type | https://github.com/ZoneMinder/zoneminder/pull/2482 No Types Assigned | https://github.com/ZoneMinder/zoneminder/pull/2482 Patch, Third Party Advisory |



Quick Info

CVE Dictionary Entry: CVE-2019-6991
NVD Published Date: 01/28/2019
NVD Last Modified: 08/24/2020
Source: MITRE

