CVE-2008-1391
CVE-2008-1391 is a vulnerability of currently unknown severity. Multiple integer overflows in libc in NetBSD 4.x, FreeBSD 6.x and 7.x, and probably other BSD and Apple Mac OS platforms allow context-dependent attackers to execute arbitrary code via large values of certain integer fields in the format argument to (1) the strfmon function in lib/libc/stdlib/strfmon.c, related to the GET_NUMBER macro; and (2) the printf function, related to left_prec and right_prec. EPSS estimates an 18.80% chance of exploitation in the next 30 days.
Description
Multiple integer overflows in libc in NetBSD 4.x, FreeBSD 6.x and 7.x, and probably other BSD and Apple Mac OS platforms allow context-dependent attackers to execute arbitrary code via large values of certain integer fields in the format argument to (1) the strfmon function in lib/libc/stdlib/strfmon.c, related to the GET_NUMBER macro; and (2) the printf function, related to left_prec and right_prec.
Affected Software
| Vendor | Product | Versions |
|---|---|---|
| FreeBSD | FreeBSD | 6.0 |
| FreeBSD | FreeBSD | 6.0_p5_release |
| FreeBSD | FreeBSD | 7.0 |
| FreeBSD | FreeBSD | 7.0_beta4 |
| FreeBSD | FreeBSD | 7.0_releng |
| NetBSD | NetBSD | 4.0 |
References
- http://www.us-cert.gov/cas/techalerts/TA08-350A.html (US Government Resource)
Source: NVD / NIST
