Lucene search

MitreCVE-2008-3971

HistorySep 11, 2008 - 1:13 a.m.

CVE-2008-3971

2008-09-1101:13:47

CWE-119

mitre

web.nvd.nist.gov

cve

buffer overflow

gmanedit

security

nvd

CVSS2

9.3

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:M/Au:N/C:C/I:C/A:C

AI Score

Confidence

High

EPSS

0.09

Percentile

94.6%

JSON

Heap-based buffer overflow in the open_man_file function in callbacks.c in gmanedit 0.4.1 allows remote attackers to execute arbitrary code via a crafted man page, which is not properly handled during utf8 conversion. NOTE: another overflow was reported using a configuration file, but that vector does not have a scenario that crosses privilege boundaries.

Affected configurations

Nvd

Node

gmanedit2gmaneditMatch0.4.1

VendorProductVersionCPE
gmanedit2gmanedit0.4.1cpe:2.3:a:gmanedit2:gmanedit:0.4.1:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
gmanedit2	gmanedit	0.4.1	cpe:2.3:a:gmanedit2:gmanedit:0.4.1:::::::*

References

bugs.debian.org/cgi-bin/bugreport.cgi?bug=497835

www.openwall.com/lists/oss-security/2008/09/06/2

www.openwall.com/lists/oss-security/2008/09/09/13

www.openwall.com/lists/oss-security/2008/09/09/19

www.securityfocus.com/bid/31040

exchange.xforce.ibmcloud.com/vulnerabilities/44962

exchange.xforce.ibmcloud.com/vulnerabilities/44963

CVSS2

9.3

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:M/Au:N/C:C/I:C/A:C

AI Score

Confidence

High

EPSS

0.09

Percentile

94.6%

JSON

Related for CVE-2008-3971