Lucene search

K
nvd[email protected]NVD:CVE-2008-3916
HistorySep 04, 2008 - 6:41 p.m.

CVE-2008-3916

2008-09-0418:41:00
CWE-119
web.nvd.nist.gov
8

CVSS2

9.3

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:M/Au:N/C:C/I:C/A:C

AI Score

8

Confidence

High

EPSS

0.005

Percentile

75.4%

Heap-based buffer overflow in the strip_escapes function in signal.c in GNU ed before 1.0 allows context-dependent or user-assisted attackers to execute arbitrary code via a long filename. NOTE: since ed itself does not typically run with special privileges, this issue only crosses privilege boundaries when ed is invoked as a third-party component.

Affected configurations

Nvd
Node
gnuedMatch0.2
OR
gnuedMatch0.3
OR
gnuedMatch0.4
OR
gnuedMatch0.5
OR
gnuedMatch0.6
OR
gnuedMatch0.7
OR
gnuedMatch0.8
OR
gnuedMatch0.9
VendorProductVersionCPE
gnued0.2cpe:2.3:a:gnu:ed:0.2:*:*:*:*:*:*:*
gnued0.3cpe:2.3:a:gnu:ed:0.3:*:*:*:*:*:*:*
gnued0.4cpe:2.3:a:gnu:ed:0.4:*:*:*:*:*:*:*
gnued0.5cpe:2.3:a:gnu:ed:0.5:*:*:*:*:*:*:*
gnued0.6cpe:2.3:a:gnu:ed:0.6:*:*:*:*:*:*:*
gnued0.7cpe:2.3:a:gnu:ed:0.7:*:*:*:*:*:*:*
gnued0.8cpe:2.3:a:gnu:ed:0.8:*:*:*:*:*:*:*
gnued0.9cpe:2.3:a:gnu:ed:0.9:*:*:*:*:*:*:*

References

CVSS2

9.3

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:M/Au:N/C:C/I:C/A:C

AI Score

8

Confidence

High

EPSS

0.005

Percentile

75.4%