CVE-2008-2357

Stack-based buffer overflow in the split_redraw function in split.c in mtr before 0.73, when invoked with the -p (aka --split) option, allows remote attackers to execute arbitrary code via a crafted DNS PTR record.  NOTE: it could be argued that this is a vulnerability in the ns_name_ntop function in resolv/ns_name.c in glibc and the proper fix should be in glibc; if so, then this should not be treated as a vulnerability in mtr.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
6.8 UNKNOWN
NETWORK
MEDIUM
AV:N/AC:M/Au:N/C:P/I:P/A:P
mitreCNA
---
---
CVEADP
---
---
Base Score
CVSS 3.x
EPSS Score
Percentile: 91%
VendorProductVersion
matt_kimball_and_roger_wolffmtr
𝑥
≤ 0.72
matt_kimball_and_roger_wolffmtr
0.21
matt_kimball_and_roger_wolffmtr
0.22
matt_kimball_and_roger_wolffmtr
0.23
matt_kimball_and_roger_wolffmtr
0.24
matt_kimball_and_roger_wolffmtr
0.25
matt_kimball_and_roger_wolffmtr
0.26
matt_kimball_and_roger_wolffmtr
0.27
matt_kimball_and_roger_wolffmtr
0.28
matt_kimball_and_roger_wolffmtr
0.29
matt_kimball_and_roger_wolffmtr
0.30
matt_kimball_and_roger_wolffmtr
0.31
matt_kimball_and_roger_wolffmtr
0.32
matt_kimball_and_roger_wolffmtr
0.33
matt_kimball_and_roger_wolffmtr
0.34
matt_kimball_and_roger_wolffmtr
0.35
matt_kimball_and_roger_wolffmtr
0.36
matt_kimball_and_roger_wolffmtr
0.37
matt_kimball_and_roger_wolffmtr
0.38
matt_kimball_and_roger_wolffmtr
0.39
matt_kimball_and_roger_wolffmtr
0.40
matt_kimball_and_roger_wolffmtr
0.41
matt_kimball_and_roger_wolffmtr
0.42
matt_kimball_and_roger_wolffmtr
0.43
matt_kimball_and_roger_wolffmtr
0.44
matt_kimball_and_roger_wolffmtr
0.45
matt_kimball_and_roger_wolffmtr
0.46
matt_kimball_and_roger_wolffmtr
0.47
matt_kimball_and_roger_wolffmtr
0.48
matt_kimball_and_roger_wolffmtr
0.49
matt_kimball_and_roger_wolffmtr
0.50
matt_kimball_and_roger_wolffmtr
0.51
matt_kimball_and_roger_wolffmtr
0.52
matt_kimball_and_roger_wolffmtr
0.53
matt_kimball_and_roger_wolffmtr
0.54
matt_kimball_and_roger_wolffmtr
0.55
matt_kimball_and_roger_wolffmtr
0.56
matt_kimball_and_roger_wolffmtr
0.57
matt_kimball_and_roger_wolffmtr
0.58
matt_kimball_and_roger_wolffmtr
0.59
matt_kimball_and_roger_wolffmtr
0.60
matt_kimball_and_roger_wolffmtr
0.61
matt_kimball_and_roger_wolffmtr
0.62
matt_kimball_and_roger_wolffmtr
0.63
matt_kimball_and_roger_wolffmtr
0.64
matt_kimball_and_roger_wolffmtr
0.65
matt_kimball_and_roger_wolffmtr
0.66
matt_kimball_and_roger_wolffmtr
0.67
matt_kimball_and_roger_wolffmtr
0.68
matt_kimball_and_roger_wolffmtr
0.69
matt_kimball_and_roger_wolffmtr
0.70
matt_kimball_and_roger_wolffmtr
0.71
𝑥
= Vulnerable software versions
Debian logo
Debian Releases
Debian Product
Codename
mtr
bullseye
0.94-1+deb11u1
fixed
bookworm
0.95-1
fixed
sid
0.95-1.1
fixed
trixie
0.95-1.1
fixed
Ubuntu logo
Ubuntu Releases
Ubuntu Product
Codename
mtr
natty
not-affected
maverick
not-affected
lucid
not-affected
karmic
not-affected
jaunty
not-affected
intrepid
not-affected
hardy
not-affected
gutsy
ignored
feisty
ignored
dapper
ignored
Common Weakness Enumeration
References
ftp://ftp.bitwizard.nl/mtr/mtr-0.73.diff
http://lists.opensuse.org/opensuse-security-announce/2008-07/msg00001.html
http://seclists.org/fulldisclosure/2008/May/0488.html
http://secunia.com/advisories/30312
http://secunia.com/advisories/30340
http://secunia.com/advisories/30359
http://secunia.com/advisories/30522
http://secunia.com/advisories/30967
http://security.gentoo.org/glsa/glsa-200806-01.xml
http://securityreason.com/securityalert/3903
http://wiki.rpath.com/wiki/Advisories:rPSA-2008-0175
http://www.debian.org/security/2008/dsa-1587
http://www.mandriva.com/security/advisories?name=MDVSA-2008:176
http://www.openwall.com/lists/oss-security/2008/05/21/1
http://www.openwall.com/lists/oss-security/2008/05/21/3
http://www.openwall.com/lists/oss-security/2008/05/21/4
http://www.securityfocus.com/archive/1/492260/100/0/threaded
http://www.securityfocus.com/bid/29290
http://www.securitytracker.com/id?1020046
https://exchange.xforce.ibmcloud.com/vulnerabilities/42535
https://issues.rpath.com/browse/RPL-2558
ftp://ftp.bitwizard.nl/mtr/mtr-0.73.diff
http://lists.opensuse.org/opensuse-security-announce/2008-07/msg00001.html
http://seclists.org/fulldisclosure/2008/May/0488.html
http://secunia.com/advisories/30312
http://secunia.com/advisories/30340
http://secunia.com/advisories/30359
http://secunia.com/advisories/30522
http://secunia.com/advisories/30967
http://security.gentoo.org/glsa/glsa-200806-01.xml
http://securityreason.com/securityalert/3903
http://wiki.rpath.com/wiki/Advisories:rPSA-2008-0175
http://www.debian.org/security/2008/dsa-1587
http://www.mandriva.com/security/advisories?name=MDVSA-2008:176
http://www.openwall.com/lists/oss-security/2008/05/21/1
http://www.openwall.com/lists/oss-security/2008/05/21/3
http://www.openwall.com/lists/oss-security/2008/05/21/4
http://www.securityfocus.com/archive/1/492260/100/0/threaded
http://www.securityfocus.com/bid/29290
http://www.securitytracker.com/id?1020046
https://exchange.xforce.ibmcloud.com/vulnerabilities/42535
https://issues.rpath.com/browse/RPL-2558