CVE-2008-4865 — HIGH (7.2) — White Hats Nepal

Q: How severe is CVE-2008-4865?

CVE-2008-4865 has been rated HIGH with a CVSS base score of 7.2/10. Review the CVSS metrics above for detailed severity breakdown.

Q: Is there a patch for CVE-2008-4865?

Check the references section above for vendor advisories and patch information. Affected products include: Valgrind Valgrind.

Vulnerability Description

Untrusted search path vulnerability in valgrind before 3.4.0 allows local users to execute arbitrary programs via a Trojan horse .valgrindrc file in the current working directory, as demonstrated using a malicious --db-command options. NOTE: the severity of this issue has been disputed, but CVE is including this issue because execution of a program from an untrusted directory is a common scenario.

CVSS Score

7.2

HIGH

AV:L/AC:L/Au:N/C:C/I:C/A:C

Confidentiality

COMPLETE

Integrity

COMPLETE

Availability

COMPLETE

Affected Products

Vendor	Product	Versions
Valgrind	Valgrind	<= 3.4.0

References

FAQ

What is CVE-2008-4865?

CVE-2008-4865 is a vulnerability with a CVSS score of 7.2 (HIGH). Untrusted search path vulnerability in valgrind before 3.4.0 allows local users to execute arbitrary programs via a Trojan horse .valgrindrc file in the current working directory, as demonstrated usin...

How severe is CVE-2008-4865?

CVE-2008-4865 has been rated HIGH with a CVSS base score of 7.2/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2008-4865?

Check the references section above for vendor advisories and patch information. Affected products include: Valgrind Valgrind.