Unrated severityNVD Advisory· Published Dec 31, 2004· Updated Apr 16, 2026

CVE-2004-2026

Description

Format string vulnerability in the logmsg function in svc.c for Pound 1.5 and earlier allows remote attackers to execute arbitrary code via format string specifiers in syslog messages.

Affected products

Apsis/Pound6 versions
cpe:2.3:a:apsis:pound:1.5:*:*:*:*:*:*:*+ 5 more
- cpe:2.3:a:apsis:pound:1.5:*:*:*:*:*:*:*
- cpe:2.3:a:apsis:pound:1.0:*:*:*:*:*:*:*
- cpe:2.3:a:apsis:pound:1.1:*:*:*:*:*:*:*
- cpe:2.3:a:apsis:pound:1.2:*:*:*:*:*:*:*
- cpe:2.3:a:apsis:pound:1.3:*:*:*:*:*:*:*
- cpe:2.3:a:apsis:pound:1.4:*:*:*:*:*:*:*

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

secunia.com/advisories/11528nvdPatch
security.gentoo.org/glsa/glsa-200405-08.xmlnvdPatch
archives.neohapsis.com/archives/fulldisclosure/2004-05/0343.htmlnvdExploit
www.securityfocus.com/bid/10267nvdExploitPatch
securitytracker.com/idnvd
www.apsis.ch/pound/pound_list/archive/2003/2003-12/1070234315000nvd
www.osvdb.org/5746nvd
exchange.xforce.ibmcloud.com/vulnerabilities/16033nvd

News mentions

No linked articles in our index yet.

cvss	0.000
epss	0.026
exploit	0.030
kev	0.000
patch	0.000
ransomware	0.000