Lucene search

MitreCVE-2008-3496

HistoryAug 06, 2008 - 6:41 p.m.

CVE-2008-3496

2008-08-0618:41:00

CWE-120

mitre

web.nvd.nist.gov

cve-2008-3496

buffer overflow

uvc_parse_format

linux kernel

nvd

video4linux

v4l

uvcvideo

format descriptor parsing

drivers media video

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:L/Au:N/C:C/I:C/A:C

AI Score

6.5

Confidence

Low

EPSS

0.007

Percentile

80.9%

JSON

Buffer overflow in format descriptor parsing in the uvc_parse_format function in drivers/media/video/uvc/uvc_driver.c in uvcvideo in the video4linux (V4L) implementation in the Linux kernel before 2.6.26.1 has unknown impact and attack vectors.

Affected configurations

Nvd

Node

linuxlinux_kernelRange<2.6.26.1

VendorProductVersionCPE
linuxlinux_kernel*cpe:2.3:o:linux:linux_kernel:*:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
linux	linux_kernel	*	cpe:2.3:o:linux:linux_kernel::::::::

References

lists.opensuse.org/opensuse-security-announce/2008-09/msg00004.html

lkml.org/lkml/2008/7/30/655

secunia.com/advisories/31982

www.kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.26.1

www.mandriva.com/security/advisories?name=MDVSA-2008:223

www.securityfocus.com/bid/30514

exchange.xforce.ibmcloud.com/vulnerabilities/44184

Social References

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:L/Au:N/C:C/I:C/A:C

AI Score

6.5

Confidence

Low

EPSS

0.007

Percentile

80.9%

JSON

Related for CVE-2008-3496