HP TCP/IP Services for OpenVMS Finger Client Format String Vulnerability

HP TCP/IP Services for OpenVMS Finger Client Format String Vulnerability

The HP OpenVMS finger client is prone to a format-string vulnerability because it fails to properly sanitize user-supplied input before passing it as the format specifier to a formatted-printing function.

An attacker may exploit this issue to execute arbitrary code in the context of the vulnerable application. Failed exploit attempts will likely result in a denial-of-service condition.

This issue affects HP TCP/IP Services for OpenVMS 5.x.