1. Home
  2. CVE Database
  3. CVE-2008-1391
HIGH · 7.5

CVE-2008-1391

Multiple integer overflows in libc in NetBSD 4.x, FreeBSD 6.x and 7.x, and probably other BSD and Apple Mac OS platforms allow context-dependent attackers to execute arbitrary code via large values of...

Vulnerability Description

Multiple integer overflows in libc in NetBSD 4.x, FreeBSD 6.x and 7.x, and probably other BSD and Apple Mac OS platforms allow context-dependent attackers to execute arbitrary code via large values of certain integer fields in the format argument to (1) the strfmon function in lib/libc/stdlib/strfmon.c, related to the GET_NUMBER macro; and (2) the printf function, related to left_prec and right_prec.

CVSS Score

7.5

HIGH

AV:N/AC:L/Au:N/C:P/I:P/A:P
Confidentiality
PARTIAL
Integrity
PARTIAL
Availability
PARTIAL

Affected Products

VendorProductVersions
FreebsdFreebsd6.0
NetbsdNetbsd4.0

Related Weaknesses (CWE)

CWE-189

References

FAQ

What is CVE-2008-1391?

CVE-2008-1391 is a vulnerability with a CVSS score of 7.5 (HIGH). Multiple integer overflows in libc in NetBSD 4.x, FreeBSD 6.x and 7.x, and probably other BSD and Apple Mac OS platforms allow context-dependent attackers to execute arbitrary code via large values of...

How severe is CVE-2008-1391?

CVE-2008-1391 has been rated HIGH with a CVSS base score of 7.5/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2008-1391?

Check the references section above for vendor advisories and patch information. Affected products include: Freebsd Freebsd, Netbsd Netbsd.