CVE-2013-4258
CVE-2013-4258 is a high-severity vulnerability in Radscan Network Audio System with a CVSS 2.0 base score of 7.5. It is not currently listed as actively exploited by CISA, and its EPSS exploit-prediction score is low. The underlying weakness is classified as CWE-134.
Key facts
- Severity: High (CVSS 2.0 base score 7.5)
- EPSS exploit prediction: 4% (89th percentile)
- Actively exploited: Not listed in CISA KEV
- Weakness: CWE-134
- Affected product: Radscan Network Audio System
- Published:
- Last modified:
Description
Format string vulnerability in the osLogMsg function in server/os/aulog.c in Network Audio System (NAS) 1.9.3 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via format string specifiers in unspecified vectors, related to syslog.
Frequently asked questions
- What is CVE-2013-4258?
- Format string vulnerability in the osLogMsg function in server/os/aulog.c in Network Audio System (NAS) 1.9.3 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via format string specifiers in unspecified vectors, related to syslog.
- How severe is CVE-2013-4258?
- CVE-2013-4258 has a CVSS 2.0 base score of 7.5, rated high severity.
- Is CVE-2013-4258 being actively exploited?
- It is not currently listed in CISA's KEV catalog. Its EPSS exploit-prediction score is 4% (89th percentile), an estimate of the probability of exploitation in the next 30 days.
- What products are affected by CVE-2013-4258?
- CVE-2013-4258 affects Radscan Network Audio System. See the affected-products list for the exact vulnerable versions.
- How do I fix CVE-2013-4258?
- Review the linked vendor and NVD advisories for patched versions and mitigations, then upgrade or apply the recommended workaround. Given its high severity, prioritise patching exposed systems.
- When was CVE-2013-4258 published?
- CVE-2013-4258 was published on 2013-10-09 and last updated on 2026-06-16.
References
- http://radscan.com/pipermail/nas/2013-August/001270.html
- http://radscan.com/pipermail/nas/2013-August/001277.html
- http://sourceforge.net/mailarchive/forum.php?thread_name=E1Rp1rP-00038Z-VJ%40sfp-svn-6.v30.ch3.sourceforge.com&forum_name=nas-commits
- http://www.debian.org/security/2013/dsa-2771
- http://www.openwall.com/lists/oss-security/2013/08/16/2
- http://www.openwall.com/lists/oss-security/2013/08/19/3
- http://www.securityfocus.com/bid/61852
Affected products (1)
- cpe:2.3:a:radscan:network_audio_system:1.9.3:*:*:*:*:*:*:*
More vulnerabilities in Radscan Network Audio System
- CVE-2007-1543 — Critical (CVSS 10.0): Stack-based buffer overflow in the accept_att_local function in server/os/connection.c in Network Audio System (NAS)…
- CVE-2007-1547 — High (CVSS 7.8): The ReadRequestFromClient function in server/os/io.c in Network Audio System (NAS) before 1.8a SVN 237 allows remote…
- CVE-2007-1544 — Medium (CVSS 5.0): Integer overflow in the ProcAuWriteElement function in server/dia/audispatch.c in Network Audio System (NAS) before…
- CVE-2007-1546 — Medium (CVSS 5.0): Array index error in Network Audio System (NAS) before 1.8a SVN 237 allows remote attackers to cause a denial of…
- CVE-2007-1545 — Medium (CVSS 5.0): The AddResource function in server/dia/resource.c in Network Audio System (NAS) before 1.8a SVN 237 allows remote…
- CVE-2013-4256 — Medium (CVSS 4.6): Multiple stack-based and heap-based buffer overflows in Network Audio System (NAS) 1.9.3 allow local users to cause a…
All CVEs affecting Radscan Network Audio System →
Other CWE-134 vulnerabilities
- CVE-2012-1851 — Critical (CVSS 10.0): Format string vulnerability in the Print Spooler service in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2,…
- CVE-2012-0242 — Critical (CVSS 10.0): Format string vulnerability in Advantech/BroadWin WebAccess before 7.0 allows remote attackers to execute arbitrary…
- CVE-2011-2475 — Critical (CVSS 10.0): Format string vulnerability in ECTrace.dll in the iMailGateway service in the Internet Mail Gateway in OneBridge Server…
- CVE-2011-1568 — Critical (CVSS 10.0): Format string vulnerability in the logText function in shmemmgr9.dll in IGSSdataServer.exe 9.00.00.11074, and…
- CVE-2010-4235 — Critical (CVSS 10.0): Format string vulnerability in RealNetworks Helix Server 12.x, 13.x, and 14.x before 14.2, and Helix Mobile Server…
- CVE-2011-0270 — Critical (CVSS 10.0): Format string vulnerability in nnmRptConfig.exe in HP OpenView Network Node Manager (OV NNM) 7.51 and 7.53 allows…