CVE-2008-2320

Name: CVE-2008-2320
Creator: NVD / NIST
Published: 2008-08-04T01:41:00+00:00
License: https://creativecommons.org/publicdomain/zero/1.0/

UnknownEPSS 3.80%

Last modified Jun 16, 2026

CVE-2008-2320 is a vulnerability of currently unknown severity. Stack-based buffer overflow in CarbonCore in Apple Mac OS X 10.4.11 and 10.5.4, iPhone OS 1.0 through 2.2.1, and iPhone OS for iPod touch 1.1 through 2.2.1 allows context-dependent attackers to execute arbitrary code or cause a denial of service (application crash) via a long filename to the file management API.. EPSS estimates a 3.80% chance of exploitation in the next 30 days.

Description

Stack-based buffer overflow in CarbonCore in Apple Mac OS X 10.4.11 and 10.5.4, iPhone OS 1.0 through 2.2.1, and iPhone OS for iPod touch 1.1 through 2.2.1 allows context-dependent attackers to execute arbitrary code or cause a denial of service (application crash) via a long filename to the file management API.

Metrics

EPSS Probability

3.80%

88.7th percentile

Probability of exploitation in the next 30 days. Learn more

Weakness Enumeration

CWE-119

Affected Software

Vendor	Product	Versions
Apple	Carboncore	All versions

References

http://lists.apple.com/archives/security-announce//2008/Jul/msg00003.htmlPatch
http://lists.apple.com/archives/security-announce/2009/Jun/msg00005.htmlPatch
http://lists.apple.com/archives/security-announce/2009/jun/msg00002.htmlPatch
http://secunia.com/advisories/31326Vendor Advisory
http://secunia.com/advisories/35379Vendor Advisory
http://support.apple.com/kb/HT3613Patch, Vendor Advisory
http://support.apple.com/kb/HT3639Patch, Vendor Advisory
http://www.securityfocus.com/archive/1/495040/100/0/threaded
http://www.securityfocus.com/bid/30483Patch
http://www.securityfocus.com/bid/30487Patch
http://www.securitytracker.com/id?1020602
http://www.vupen.com/english/advisories/2008/2268Vendor Advisory
http://www.vupen.com/english/advisories/2009/1522Patch, Vendor Advisory
http://www.vupen.com/english/advisories/2009/1621Patch, Vendor Advisory
https://exchange.xforce.ibmcloud.com/vulnerabilities/44126
http://lists.apple.com/archives/security-announce//2008/Jul/msg00003.htmlPatch
http://lists.apple.com/archives/security-announce/2009/Jun/msg00005.htmlPatch
http://lists.apple.com/archives/security-announce/2009/jun/msg00002.htmlPatch
http://secunia.com/advisories/31326Vendor Advisory
http://secunia.com/advisories/35379Vendor Advisory
http://support.apple.com/kb/HT3613Patch, Vendor Advisory
http://support.apple.com/kb/HT3639Patch, Vendor Advisory
http://www.securityfocus.com/archive/1/495040/100/0/threaded
http://www.securityfocus.com/bid/30483Patch
http://www.securityfocus.com/bid/30487Patch
http://www.securitytracker.com/id?1020602
http://www.vupen.com/english/advisories/2008/2268Vendor Advisory
http://www.vupen.com/english/advisories/2009/1522Patch, Vendor Advisory
http://www.vupen.com/english/advisories/2009/1621Patch, Vendor Advisory
https://exchange.xforce.ibmcloud.com/vulnerabilities/44126

Timeline

Published: Aug 4, 2008
Last Modified: Jun 16, 2026
Status: Modified

Frequently Asked Questions

What is CVE-2008-2320?

How severe is CVE-2008-2320?

Severity scoring for CVE-2008-2320 is pending analysis. The EPSS model estimates a 3.80% probability of exploitation in the next 30 days.

How do I fix CVE-2008-2320?

Check the vendor references and advisories linked above for patched versions and mitigation guidance. You can also run a Strix scan to test if your systems are affected.

Are you affected by CVE-2008-2320?

Run a free Strix scan to check your systems for this vulnerability.

Scan your code now

Source: NVD / NIST