Candidate: CVE-2017-17511
PublicDate: 2017-12-14 16:29:00 UTC
References:
 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-17511
 https://sources.debian.org/src/kildclient/3.1.0-1/src/worldgui.c/?hl=1159#L1159
 https://sources.debian.org/src/kildclient/3.1.0-1/src/prefs.c/?hl=324#L324
 https://security-tracker.debian.org/tracker/CVE-2017-17511
Description:
 KildClient 3.1.0 does not validate strings before launching the program
 specified by the BROWSER environment variable, which might allow remote
 attackers to conduct argument-injection attacks via a crafted URL, related
 to prefs.c and worldgui.c.
Ubuntu-Description:
Notes:
Bugs:
 https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=885007
Priority: low
Discovered-by:
Assigned-to:
CVSS:
 nvd: CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H [8.8 HIGH]

Patches_kildclient:
upstream_kildclient: released (3.2.0-1)
precise/esm_kildclient: DNE
trusty_kildclient: released (2.11.1-1+deb7u2build0.14.04.1)
trusty/esm_kildclient: DNE (trusty was released [2.11.1-1+deb7u2build0.14.04.1])
xenial_kildclient: ignored (end of standard support, was needed)
zesty_kildclient: ignored (reached end-of-life)
artful_kildclient: ignored (reached end-of-life)
bionic_kildclient: not-affected (3.2.0-2)
cosmic_kildclient: not-affected (3.2.0-2)
disco_kildclient: not-affected (3.2.0-2)
eoan_kildclient: not-affected (3.2.0-2)
focal_kildclient: not-affected (3.2.0-2)
groovy_kildclient: not-affected (3.2.0-2)
hirsute_kildclient: not-affected (3.2.0-2)
impish_kildclient: not-affected (3.2.0-2)
jammy_kildclient: not-affected (3.2.0-2)
devel_kildclient: not-affected (3.2.0-2)