id	summary	reporter	owner	description	type	status	priority	milestone	component	version	resolution	keywords	cc	blockedby	blocking	branch_state	votes
3143	format string vulnerability code in VFS	ossi		as reported in january 2010 (!) by Janek Kozicki (https://mail.gnome.org/archives/mc-devel/2010-January/msg00040.html), the (sh) VFS code is susceptible to printf format string attacks. while messing up the display with %f is pretty harmless, %n has been used to create exploits before. this makes the VFS unsuitable for browsing any untrusted data, which includes directories of other users on otherwise completely trusted machines.	defect	closed	critical		mc-vfs	master	duplicate					no branch