Lucene search

Ubuntu.comUB:CVE-2008-3971

HistorySep 11, 2008 - 12:00 a.m.

CVE-2008-3971

2008-09-1100:00:00

ubuntu.com

CVSS2

9.3

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:M/Au:N/C:C/I:C/A:C

EPSS

0.09

Percentile

94.6%

JSON

Heap-based buffer overflow in the open_man_file function in callbacks.c in
gmanedit 0.4.1 allows remote attackers to execute arbitrary code via a
crafted man page, which is not properly handled during utf8 conversion.
NOTE: another overflow was reported using a configuration file, but that
vector does not have a scenario that crosses privilege boundaries.

References

launchpad.net/bugs/cve/CVE-2008-3971

nvd.nist.gov/vuln/detail/CVE-2008-3971

security-tracker.debian.org/tracker/CVE-2008-3971

www.cve.org/CVERecord?id=CVE-2008-3971

CVSS2

9.3

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:M/Au:N/C:C/I:C/A:C

EPSS

0.09

Percentile

94.6%

JSON

Related for UB:CVE-2008-3971