Vulnerability Description
Multiple buffer overflows in NASA Common Data Format (CDF) allow context-dependent attackers to execute arbitrary code, as demonstrated using (1) an array index error in the ReadAEDRList64 function, and other errors in the (2) SearchForRecord_r_64, (3) LastRecord64, (4) CDFsel64, and other unspecified functions.
CVSS Score
HIGH
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| NASA Goddard Space Flight Center | Common Data Format | All versions |
Related Weaknesses (CWE)
References
- http://cdf.gsfc.nasa.gov/html/CDF_changesnote2.html
- http://cdf.gsfc.nasa.gov/html/CDF_v330.html (Patch, Vendor Advisory)
- http://www.openwall.com/lists/oss-security/2009/08/14/3
- http://www.securityfocus.com/archive/1/505123/30/0/threaded (Exploit)
FAQ
What is CVE-2009-2850?
CVE-2009-2850 is a vulnerability with a CVSS score of 9.3 (HIGH). Multiple buffer overflows in NASA Common Data Format (CDF) allow context-dependent attackers to execute arbitrary code, as demonstrated using (1) an array index error in the ReadAEDRList64 function, a...
How severe is CVE-2009-2850?
CVE-2009-2850 has been rated HIGH with a CVSS base score of 9.3/10. Review the CVSS metrics above for a detailed severity breakdown.
Is there a patch for CVE-2009-2850?
Check the references section above for vendor advisories and patch information. Affected products include: NASA Goddard Space Flight Center Common Data Format.