CVE-2008-3908

2008-09-0400:00:00

ubuntu.com

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:L/Au:N/C:C/I:C/A:C

EPSS

0.019

Percentile

88.8%

JSON

Multiple buffer overflows in Princeton WordNet (wn) 3.0 allow
context-dependent attackers to execute arbitrary code via (1) a long
argument on the command line; a long (2) WNSEARCHDIR, (3) WNHOME, or (4)
WNDBVERSION environment variable; or (5) a user-supplied dictionary (aka
data file). NOTE: since WordNet itself does not run with special
privileges, this issue only crosses privilege boundaries when WordNet is
invoked as a third party component.

Bugs

Notes

Author	Note
jdstrand	per Debian-- 1:3.0-12 had a regression and the patch was slightly updated by 1:3.0-13 to fix this bug

OSVersionArchitecturePackageVersionFilename
ubuntu7.04noarchwordnet< 1:2.1-4ubuntu0.1UNKNOWN
ubuntu8.04noarchwordnet< 1:3.0-6ubuntu0.1UNKNOWN
ubuntu8.10noarchwordnet< 1:3.0-11ubuntu0.1UNKNOWN
ubuntu9.04noarchwordnet< 1:3.0-11ubuntu0.1UNKNOWN
ubuntu9.10noarchwordnet< 1:3.0-11ubuntu0.1UNKNOWN

OS	Version	Architecture	Package	Version	Filename
ubuntu	7.04	noarch	wordnet	< 1:2.1-4ubuntu0.1	UNKNOWN
ubuntu	8.04	noarch	wordnet	< 1:3.0-6ubuntu0.1	UNKNOWN
ubuntu	8.10	noarch	wordnet	< 1:3.0-11ubuntu0.1	UNKNOWN
ubuntu	9.04	noarch	wordnet	< 1:3.0-11ubuntu0.1	UNKNOWN
ubuntu	9.10	noarch	wordnet	< 1:3.0-11ubuntu0.1	UNKNOWN