Vulnerability details: VCID-b2pe-7hqd-aaaj
Vulnerability ID VCID-b2pe-7hqd-aaaj
Aliases CVE-2008-1391
Summary Multiple integer overflows in libc in NetBSD 4.x, FreeBSD 6.x and 7.x, and probably other BSD and Apple Mac OS platforms allow context-dependent attackers to execute arbitrary code via large values of certain integer fields in the format argument to (1) the strfmon function in lib/libc/stdlib/strfmon.c, related to the GET_NUMBER macro; and (2) the printf function, related to left_prec and right_prec.
Status Published
Exploitability 2.0
Weighted Severity 6.8
Risk 10.0
Affected and Fixed Packages Package Details
Weaknesses (1)
System Score Found at
epss 0.01915 https://api.first.org/data/v1/epss?cve=CVE-2008-1391
epss 0.01958 https://api.first.org/data/v1/epss?cve=CVE-2008-1391
epss 0.02690 https://api.first.org/data/v1/epss?cve=CVE-2008-1391
epss 0.03237 https://api.first.org/data/v1/epss?cve=CVE-2008-1391
epss 0.18751 https://api.first.org/data/v1/epss?cve=CVE-2008-1391
epss 0.20122 https://api.first.org/data/v1/epss?cve=CVE-2008-1391
epss 0.29309 https://api.first.org/data/v1/epss?cve=CVE-2008-1391
cvssv2 7.5 https://nvd.nist.gov/vuln/detail/CVE-2008-1391
Reference id Reference type URL
http://cvsweb.netbsd.org/bsdweb.cgi/src/lib/libc/stdlib/strfmon.c
http://lists.apple.com/archives/security-announce//2008//Dec/msg00000.html
https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2008-1391.json
https://api.first.org/data/v1/epss?cve=CVE-2008-1391
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2008-1391
http://secunia.com/advisories/29574
http://secunia.com/advisories/33179
http://securityreason.com/achievement_securityalert/53
http://securityreason.com/securityalert/3770
https://exchange.xforce.ibmcloud.com/vulnerabilities/41504
https://lists.opensuse.org/opensuse-security-announce/2010-10/msg00007.html
http://support.apple.com/kb/HT3338
http://www.debian.org/security/2010/dsa-2058
http://www.securityfocus.com/archive/1/490158/100/0/threaded
http://www.securityfocus.com/bid/28479
http://www.securitytracker.com/id?1019722
http://www.us-cert.gov/cas/techalerts/TA08-350A.html
http://www.vupen.com/english/advisories/2008/3444
cpe:2.3:o:freebsd:freebsd:6.0:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:freebsd:freebsd:6.0:*:*:*:*:*:*:*
cpe:2.3:o:freebsd:freebsd:6.0_p5_release:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:freebsd:freebsd:6.0_p5_release:*:*:*:*:*:*:*
cpe:2.3:o:freebsd:freebsd:6.0:release:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:freebsd:freebsd:6.0:release:*:*:*:*:*:*
cpe:2.3:o:freebsd:freebsd:6.0:stable:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:freebsd:freebsd:6.0:stable:*:*:*:*:*:*
cpe:2.3:o:freebsd:freebsd:7.0:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:freebsd:freebsd:7.0:*:*:*:*:*:*:*
cpe:2.3:o:freebsd:freebsd:7.0_beta4:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:freebsd:freebsd:7.0_beta4:*:*:*:*:*:*:*
cpe:2.3:o:freebsd:freebsd:7.0:pre-release:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:freebsd:freebsd:7.0:pre-release:*:*:*:*:*:*
cpe:2.3:o:freebsd:freebsd:7.0_releng:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:freebsd:freebsd:7.0_releng:*:*:*:*:*:*:*
cpe:2.3:o:netbsd:netbsd:4.0:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:netbsd:netbsd:4.0:*:*:*:*:*:*:*
CVE-2008-1391 https://nvd.nist.gov/vuln/detail/CVE-2008-1391
CVE-2008-1391;OSVDB-43837 Exploit https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/bsd/dos/31550.c
CVE-2008-1391;OSVDB-43837 Exploit https://www.securityfocus.com/bid/28479/info
USN-944-1 https://usn.ubuntu.com/944-1/
Data source Exploit-DB
Date added March 27, 2008
Description BSD (Multiple Distributions) - 'strfmon()' Integer Overflow
Ransomware campaign use Known
Source publication date March 27, 2008
Exploit type dos
Platform bsd
Source update date Feb. 11, 2014
Source URL https://www.securityfocus.com/bid/28479/info
Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P Found at https://nvd.nist.gov/vuln/detail/CVE-2008-1391
Exploit Prediction Scoring System (EPSS)
Percentile 0.89009
EPSS Score 0.01915
Published At Nov. 18, 2024, midnight
Date Actor Action Source VulnerableCode Version
There are no relevant records.