Lucene search

K

MitreCVELIST:CVE-2008-1391

HistoryMar 27, 2008 - 5:00 p.m.

CVE-2008-1391

2008-03-2717:00:00

mitre

www.cve.org

1

7 High

AI Score

Confidence

Low

0.02 Low

EPSS

Percentile

88.8%

Multiple integer overflows in libc in NetBSD 4.x, FreeBSD 6.x and 7.x, and probably other BSD and Apple Mac OS platforms allow context-dependent attackers to execute arbitrary code via large values of certain integer fields in the format argument to (1) the strfmon function in lib/libc/stdlib/strfmon.c, related to the GET_NUMBER macro; and (2) the printf function, related to left_prec and right_prec.

References

cvsweb.netbsd.org/bsdweb.cgi/src/lib/libc/stdlib/strfmon.c

lists.apple.com/archives/security-announce//2008//Dec/msg00000.html

secunia.com/advisories/29574

secunia.com/advisories/33179

securityreason.com/achievement_securityalert/53

securityreason.com/securityalert/3770

support.apple.com/kb/HT3338

www.debian.org/security/2010/dsa-2058

www.securityfocus.com/archive/1/490158/100/0/threaded

www.securityfocus.com/bid/28479

www.securitytracker.com/id?1019722

www.us-cert.gov/cas/techalerts/TA08-350A.html

www.vupen.com/english/advisories/2008/3444

exchange.xforce.ibmcloud.com/vulnerabilities/41504

lists.opensuse.org/opensuse-security-announce/2010-10/msg00007.html

7 High

AI Score

Confidence

Low

0.02 Low

EPSS

Percentile

88.8%

Related for CVELIST:CVE-2008-1391

cve3 securityvulns6 ubuntucve3 debiancve3 nvd3 prion3 seebug1 cvelist2 nessus11 ubuntu1 openvas12 osv1 debian2 suse1