CVE-2008-1391
27.03.2008, 17:44
Multiple integer overflows in libc in NetBSD 4.x, FreeBSD 6.x and 7.x, and probably other BSD and Apple Mac OS platforms allow context-dependent attackers to execute arbitrary code via large values of certain integer fields in the format argument to (1) the strfmon function in lib/libc/stdlib/strfmon.c, related to the GET_NUMBER macro; and (2) the printf function, related to left_prec and right_prec.
| Vendor | Product | Version |
|---|---|---|
| freebsd | freebsd | 6.0 |
| freebsd | freebsd | 6.0:release |
| freebsd | freebsd | 6.0:stable |
| freebsd | freebsd | 6.0_p5_release:_p5_release |
| freebsd | freebsd | 7.0 |
| freebsd | freebsd | 7.0:pre-release |
| freebsd | freebsd | 7.0_beta4:_beta4 |
| freebsd | freebsd | 7.0_releng:_releng |
| netbsd | netbsd | 4.0 |