{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2012-10058", "assignerOrgId": "83251b91-4cc7-4094-a5c7-464a1b83ea10", "state": "PUBLISHED", "assignerShortName": "VulnCheck", "dateReserved": "2025-08-11T19:17:28.541Z", "datePublished": "2025-08-13T20:52:07.004Z", "dateUpdated": "2025-08-14T14:52:24.644Z"}, "containers": {"cna": {"affected": [{"defaultStatus": "unknown", "modules": ["Embedded HTTP server logging subsystem"], "product": "R4 Embedded Server", "vendor": "RabidHamster", "versions": [{"status": "affected", "version": "1.25"}]}], "credits": [{"lang": "en", "type": "finder", "value": "Luigi Auriemma"}], "descriptions": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "<p>RabidHamster R4 v1.25 contains a&nbsp;stack-based buffer overflow vulnerability due to unsafe use of <code>sprintf()</code> when logging malformed HTTP requests. A remote attacker can exploit this flaw by sending a specially crafted URI, resulting in arbitrary code execution under the context of the web server process.</p>"}], "value": "RabidHamster R4 v1.25 contains a\u00a0stack-based buffer overflow vulnerability due to unsafe use of sprintf() when logging malformed HTTP requests. A remote attacker can exploit this flaw by sending a specially crafted URI, resulting in arbitrary code execution under the context of the web server process."}], "impacts": [{"capecId": "CAPEC-100", "descriptions": [{"lang": "en", "value": "CAPEC-100 Overflow Buffers"}]}], "metrics": [{"cvssV4_0": {"Automatable": "NOT_DEFINED", "Recovery": "NOT_DEFINED", "Safety": "NOT_DEFINED", "attackComplexity": "LOW", "attackRequirements": "NONE", "attackVector": "NETWORK", "baseScore": 10, "baseSeverity": "CRITICAL", "privilegesRequired": "NONE", "providerUrgency": "NOT_DEFINED", "subAvailabilityImpact": "HIGH", "subConfidentialityImpact": "HIGH", "subIntegrityImpact": "HIGH", "userInteraction": "NONE", "valueDensity": "NOT_DEFINED", "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H", "version": "4.0", "vulnAvailabilityImpact": "HIGH", "vulnConfidentialityImpact": "HIGH", "vulnIntegrityImpact": "HIGH", "vulnerabilityResponseEffort": "NOT_DEFINED"}, "format": "CVSS", "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "problemTypes": [{"descriptions": [{"cweId": "CWE-121", "description": "CWE-121 Stack-based Buffer Overflow", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"orgId": "83251b91-4cc7-4094-a5c7-464a1b83ea10", "shortName": "VulnCheck", "dateUpdated": "2025-08-13T20:52:07.004Z"}, "references": [{"tags": ["exploit"], "url": "https://raw.githubusercontent.com/rapid7/metasploit-framework/master/modules/exploits/windows/http/rabidhamster_r4_log.rb"}, {"tags": ["exploit"], "url": "https://www.exploit-db.com/exploits/18929"}, {"tags": ["technical-description", "exploit"], "url": "http://aluigi.altervista.org/adv/r4_1-adv.txt"}, {"tags": ["third-party-advisory"], "url": "https://advisories.checkpoint.com/defense/advisories/public/2013/cpai-07-jan405.html"}, {"tags": ["product"], "url": "https://www.rabidhamster.org/R4/download.php"}, {"tags": ["third-party-advisory"], "url": "https://www.vulncheck.com/advisories/rabidhamster-r4-log-entry-buffer-overflow"}], "source": {"discovery": "UNKNOWN"}, "tags": ["unsupported-when-assigned"], "title": "RabidHamster R4 Log Entry sprintf() Buffer Overflow", "x_generator": {"engine": "Vulnogram 0.2.0"}}, "adp": [{"references": [{"url": "https://raw.githubusercontent.com/rapid7/metasploit-framework/master/modules/exploits/windows/http/rabidhamster_r4_log.rb", "tags": ["exploit"]}], "metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2025-08-14T13:46:19.568495Z", "id": "CVE-2012-10058", "options": [{"Exploitation": "poc"}, {"Automatable": "yes"}, {"Technical Impact": "total"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-08-14T14:52:24.644Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"cna": {"tags": ["unsupported-when-assigned"], "title": "RabidHamster R4 Log Entry sprintf() Buffer Overflow", "source": {"discovery": "UNKNOWN"}, "credits": [{"lang": "en", "type": "finder", "value": "Luigi Auriemma"}], "impacts": [{"capecId": "CAPEC-100", "descriptions": [{"lang": "en", "value": "CAPEC-100 Overflow Buffers"}]}], "metrics": [{"format": "CVSS", "cvssV4_0": {"Safety": "NOT_DEFINED", "version": "4.0", "Recovery": "NOT_DEFINED", "baseScore": 10, "Automatable": "NOT_DEFINED", "attackVector": "NETWORK", "baseSeverity": "CRITICAL", "valueDensity": "NOT_DEFINED", "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H", "providerUrgency": "NOT_DEFINED", "userInteraction": "NONE", "attackComplexity": "LOW", "attackRequirements": "NONE", "privilegesRequired": "NONE", "subIntegrityImpact": "HIGH", "vulnIntegrityImpact": "HIGH", "subAvailabilityImpact": "HIGH", "vulnAvailabilityImpact": "HIGH", "subConfidentialityImpact": "HIGH", "vulnConfidentialityImpact": "HIGH", "vulnerabilityResponseEffort": "NOT_DEFINED"}, "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "affected": [{"vendor": "RabidHamster", "modules": ["Embedded HTTP server logging subsystem"], "product": "R4 Embedded Server", "versions": [{"status": "affected", "version": "1.25"}], "defaultStatus": "unknown"}], "references": [{"url": "https://raw.githubusercontent.com/rapid7/metasploit-framework/master/modules/exploits/windows/http/rabidhamster_r4_log.rb", "tags": ["exploit"]}, {"url": "https://www.exploit-db.com/exploits/18929", "tags": ["exploit"]}, {"url": "http://aluigi.altervista.org/adv/r4_1-adv.txt", "tags": ["technical-description", "exploit"]}, {"url": "https://advisories.checkpoint.com/defense/advisories/public/2013/cpai-07-jan405.html", "tags": ["third-party-advisory"]}, {"url": "https://www.rabidhamster.org/R4/download.php", "tags": ["product"]}, {"url": "https://www.vulncheck.com/advisories/rabidhamster-r4-log-entry-buffer-overflow", "tags": ["third-party-advisory"]}], "x_generator": {"engine": "Vulnogram 0.2.0"}, "descriptions": [{"lang": "en", "value": "RabidHamster R4 v1.25 contains a\u00a0stack-based buffer overflow vulnerability due to unsafe use of sprintf() when logging malformed HTTP requests. A remote attacker can exploit this flaw by sending a specially crafted URI, resulting in arbitrary code execution under the context of the web server process.", "supportingMedia": [{"type": "text/html", "value": "<p>RabidHamster R4 v1.25 contains a&nbsp;stack-based buffer overflow vulnerability due to unsafe use of <code>sprintf()</code> when logging malformed HTTP requests. A remote attacker can exploit this flaw by sending a specially crafted URI, resulting in arbitrary code execution under the context of the web server process.</p>", "base64": false}]}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-121", "description": "CWE-121 Stack-based Buffer Overflow"}]}], "providerMetadata": {"orgId": "83251b91-4cc7-4094-a5c7-464a1b83ea10", "shortName": "VulnCheck", "dateUpdated": "2025-08-13T20:52:07.004Z"}}, "adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2012-10058", "role": "CISA Coordinator", "options": [{"Exploitation": "poc"}, {"Automatable": "yes"}, {"Technical Impact": "total"}], "version": "2.0.3", "timestamp": "2025-08-14T13:46:19.568495Z"}}}], "references": [{"url": "https://raw.githubusercontent.com/rapid7/metasploit-framework/master/modules/exploits/windows/http/rabidhamster_r4_log.rb", "tags": ["exploit"]}], "providerMetadata": {"shortName": "CISA-ADP", "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "dateUpdated": "2025-08-14T13:46:23.829Z"}}]}, "cveMetadata": {"cveId": "CVE-2012-10058", "state": "PUBLISHED", "dateUpdated": "2025-08-13T20:52:07.004Z", "dateReserved": "2025-08-11T19:17:28.541Z", "assignerOrgId": "83251b91-4cc7-4094-a5c7-464a1b83ea10", "datePublished": "2025-08-13T20:52:07.004Z", "assignerShortName": "VulnCheck"}, "dataVersion": "5.1"}

{"cveTags": [{"sourceIdentifier": "disclosure@vulncheck.com", "tags": ["unsupported-when-assigned"]}], "descriptions": [{"lang": "en", "value": "RabidHamster R4 v1.25 contains a\u00a0stack-based buffer overflow vulnerability due to unsafe use of sprintf() when logging malformed HTTP requests. A remote attacker can exploit this flaw by sending a specially crafted URI, resulting in arbitrary code execution under the context of the web server process."}, {"lang": "es", "value": "RabidHamster R4 v1.25 contiene una vulnerabilidad de desbordamiento de b\u00fafer en la pila debido al uso inseguro de sprintf() al registrar solicitudes HTTP malformadas. Un atacante remoto puede explotar esta vulnerabilidad enviando una URI especialmente manipulada, lo que provoca la ejecuci\u00f3n de c\u00f3digo arbitrario en el contexto del proceso del servidor web."}], "id": "CVE-2012-10058", "lastModified": "2025-08-14T15:15:31.023", "metrics": {"cvssMetricV40": [{"cvssData": {"Automatable": "NOT_DEFINED", "Recovery": "NOT_DEFINED", "Safety": "NOT_DEFINED", "attackComplexity": "LOW", "attackRequirements": "NONE", "attackVector": "NETWORK", "availabilityRequirement": "NOT_DEFINED", "baseScore": 10.0, "baseSeverity": "CRITICAL", "confidentialityRequirement": "NOT_DEFINED", "exploitMaturity": "NOT_DEFINED", "integrityRequirement": "NOT_DEFINED", "modifiedAttackComplexity": "NOT_DEFINED", "modifiedAttackRequirements": "NOT_DEFINED", "modifiedAttackVector": "NOT_DEFINED", "modifiedPrivilegesRequired": "NOT_DEFINED", "modifiedSubAvailabilityImpact": "NOT_DEFINED", "modifiedSubConfidentialityImpact": "NOT_DEFINED", "modifiedSubIntegrityImpact": "NOT_DEFINED", "modifiedUserInteraction": "NOT_DEFINED", "modifiedVulnAvailabilityImpact": "NOT_DEFINED", "modifiedVulnConfidentialityImpact": "NOT_DEFINED", "modifiedVulnIntegrityImpact": "NOT_DEFINED", "privilegesRequired": "NONE", "providerUrgency": "NOT_DEFINED", "subAvailabilityImpact": "HIGH", "subConfidentialityImpact": "HIGH", "subIntegrityImpact": "HIGH", "userInteraction": "NONE", "valueDensity": "NOT_DEFINED", "vectorString": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", "version": "4.0", "vulnAvailabilityImpact": "HIGH", "vulnConfidentialityImpact": "HIGH", "vulnIntegrityImpact": "HIGH", "vulnerabilityResponseEffort": "NOT_DEFINED"}, "source": "disclosure@vulncheck.com", "type": "Secondary"}]}, "published": "2025-08-13T21:15:30.290", "references": [{"source": "disclosure@vulncheck.com", "url": "http://aluigi.altervista.org/adv/r4_1-adv.txt"}, {"source": "disclosure@vulncheck.com", "url": "https://advisories.checkpoint.com/defense/advisories/public/2013/cpai-07-jan405.html"}, {"source": "disclosure@vulncheck.com", "url": "https://raw.githubusercontent.com/rapid7/metasploit-framework/master/modules/exploits/windows/http/rabidhamster_r4_log.rb"}, {"source": "disclosure@vulncheck.com", "url": "https://www.exploit-db.com/exploits/18929"}, {"source": "disclosure@vulncheck.com", "url": "https://www.rabidhamster.org/R4/download.php"}, {"source": "disclosure@vulncheck.com", "url": "https://www.vulncheck.com/advisories/rabidhamster-r4-log-entry-buffer-overflow"}, {"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "url": "https://raw.githubusercontent.com/rapid7/metasploit-framework/master/modules/exploits/windows/http/rabidhamster_r4_log.rb"}], "sourceIdentifier": "disclosure@vulncheck.com", "vulnStatus": "Awaiting Analysis", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-121"}], "source": "disclosure@vulncheck.com", "type": "Secondary"}]}

{}