Lucene search
RootSSV:3301HistoryMay 17, 2008 - 12:00 a.m.
WordNet多个栈溢出漏洞
2008-05-1700:00:00
Root
www.seebug.org
16
0.012 Low
EPSS
Percentile
85.4%
BUGTRAQ ID: 29208
CVE(CAN) ID: CVE-2008-2149
WordNet是普林斯顿大学开发的英语词汇及其词法关系数据库。
WordNet的src/wn.c文件的searchwn()函数以及lib/search.c文件的wngrep()函数在处理发送给wn二进制程序的超长字符串参数时存在栈溢出漏洞:
} else {
sprintf(tmpbuf, "wn: invalid search option: %s\n", av[j]);
display_message(tmpbuf);
errcount++;
}
远程攻击者可以通过发送带有无效命令行选项的超长字符串请求触发这个溢出,导致拒绝服务的情况。
Princeton University WordNet 3.0
Princeton University
目前厂商还没有提供补丁或者升级程序,我们建议使用此软件的用户随时关注厂商的主页以获取最新版本:
<a href=“http://wordnet.princeton.edu/” target=“_blank”>http://wordnet.princeton.edu/</a>
Related
cbl_mariner
cbl_mariner
CVE-2008-2149 affecting package wordnet for versions less than 3.0-38
2023-02-14 22:38:48
CVE-2008-2149 affecting package wordnet for versions less than 3.0-43
2024-04-03 00:40:51
cve
cve
CVE-2008-2149
2008-05-12 21:20:00
debiancve
debiancve
CVE-2008-2149
2008-05-12 21:20:00
nvd
nvd
CVE-2008-2149
2008-05-12 21:20:00
openvas
openvas
Debian Security Advisory DSA 1634-2 (wordnet)
2008-09-24 00:00:00
Mandriva Update for wordnet MDVSA-2008:182 (wordnet)
2009-04-09 00:00:00
Mandriva Update for wordnet MDVSA-2008:182 (wordnet)
2009-04-09 00:00:00
ubuntucve
ubuntucve
CVE-2008-2149
2008-05-12 00:00:00
prion
prion
Stack overflow
2008-05-12 21:20:00
cvelist
cvelist
CVE-2008-2149
2008-05-12 21:00:00
debian
debian
[SECURITY] [DSA 1634-2] New wordnet packages fix regression
2008-09-20 13:26:57
[SECURITY] [DSA 1634-1] New wordnet packages fix arbitrary code execution
2008-09-01 19:17:47
nessus
nessus
Mandriva Linux Security Advisory : wordnet (MDVSA-2008:182-1)
2009-04-23 00:00:00
Debian DSA-1634-1 : wordnet - stack and heap overflows
2008-09-05 00:00:00
GLSA-200810-01 : WordNet: Execution of arbitrary code
2008-10-08 00:00:00
securityvulns
securityvulns
WordNet library multiple buffer overflows
2008-09-02 00:00:00
gentoo
gentoo
WordNet: Execution of arbitrary code
2008-10-07 00:00:00
osv
osv
wordnet - arbitrary code execution
2008-09-01 00:00:00