CVE-2008-1391

Multiple integer overflows in libc in NetBSD 4.x, FreeBSD 6.x and 7.x, and probably other BSD and Apple Mac OS platforms allow context-dependent attackers to execute arbitrary code via large values of certain integer fields in the format argument to (1) the strfmon function in lib/libc/stdlib/strfmon.c, related to the GET_NUMBER macro; and (2) the printf function, related to left_prec and right_prec.
Configurations

Configuration 1

cpe:2.3:o:freebsd:freebsd:7.0:pre-release:*:*:*:*:*:*
cpe:2.3:o:netbsd:netbsd:4.0:*:*:*:*:*:*:*
cpe:2.3:o:freebsd:freebsd:7.0_beta4:*:*:*:*:*:*:*
cpe:2.3:o:freebsd:freebsd:7.0:*:*:*:*:*:*:*
cpe:2.3:o:freebsd:freebsd:6.0_p5_release:*:*:*:*:*:*:*
cpe:2.3:o:freebsd:freebsd:6.0:*:*:*:*:*:*:*
cpe:2.3:o:freebsd:freebsd:7.0_releng:*:*:*:*:*:*:*
cpe:2.3:o:freebsd:freebsd:6.0:release:*:*:*:*:*:*
cpe:2.3:o:freebsd:freebsd:6.0:stable:*:*:*:*:*:*

Information

Published : 2008-03-27 05:44

Updated : 2018-10-11 08:33


NVD link : CVE-2008-1391

Mitre link : CVE-2008-1391

Products Affected
No products.
CWE