Lucene search

K
cveMitreCVE-2008-1391
HistoryMar 27, 2008 - 5:44 p.m.

CVE-2008-1391

2008-03-2717:44:00
CWE-189
mitre
web.nvd.nist.gov
54
cve-2008-1391
integer overflow
libc
netbsd
freebsd
bsd
apple mac os
arbitrary code execution
strfmon function
printf function
nvd

CVSS2

7.5

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

AI Score

7

Confidence

Low

EPSS

0.02

Percentile

88.8%

Multiple integer overflows in libc in NetBSD 4.x, FreeBSD 6.x and 7.x, and probably other BSD and Apple Mac OS platforms allow context-dependent attackers to execute arbitrary code via large values of certain integer fields in the format argument to (1) the strfmon function in lib/libc/stdlib/strfmon.c, related to the GET_NUMBER macro; and (2) the printf function, related to left_prec and right_prec.

Affected configurations

Nvd
Node
freebsdfreebsdMatch6.0
OR
freebsdfreebsdMatch6.0release
OR
freebsdfreebsdMatch6.0stable
OR
freebsdfreebsdMatch6.0_p5_release
OR
freebsdfreebsdMatch7.0
OR
freebsdfreebsdMatch7.0pre-release
OR
freebsdfreebsdMatch7.0_beta4
OR
freebsdfreebsdMatch7.0_releng
OR
netbsdnetbsdMatch4.0
VendorProductVersionCPE
freebsdfreebsd6.0cpe:2.3:o:freebsd:freebsd:6.0:*:*:*:*:*:*:*
freebsdfreebsd6.0cpe:2.3:o:freebsd:freebsd:6.0:release:*:*:*:*:*:*
freebsdfreebsd6.0cpe:2.3:o:freebsd:freebsd:6.0:stable:*:*:*:*:*:*
freebsdfreebsd6.0_p5_releasecpe:2.3:o:freebsd:freebsd:6.0_p5_release:*:*:*:*:*:*:*
freebsdfreebsd7.0cpe:2.3:o:freebsd:freebsd:7.0:*:*:*:*:*:*:*
freebsdfreebsd7.0cpe:2.3:o:freebsd:freebsd:7.0:pre-release:*:*:*:*:*:*
freebsdfreebsd7.0_beta4cpe:2.3:o:freebsd:freebsd:7.0_beta4:*:*:*:*:*:*:*
freebsdfreebsd7.0_relengcpe:2.3:o:freebsd:freebsd:7.0_releng:*:*:*:*:*:*:*
netbsdnetbsd4.0cpe:2.3:o:netbsd:netbsd:4.0:*:*:*:*:*:*:*

CVSS2

7.5

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

AI Score

7

Confidence

Low

EPSS

0.02

Percentile

88.8%