CVE-2008-1391
glibc - several vulnerabilities
EPSS 20.0%
Description
Multiple integer overflows in libc in NetBSD 4.x, FreeBSD 6.x and 7.x, and probably other BSD and Apple Mac OS platforms allow context-dependent attackers to execute arbitrary code via large values of certain integer fields in the format argument to (1) the strfmon function in lib/libc/stdlib/strfmon.c, related to the GET_NUMBER macro; and (2) the printf function, related to left_prec and right_prec.
How to fix CVE-2008-1391
To remediate CVE-2008-1391, upgrade the affected package to a fixed version below.
- Debian/glibc: upgrade to 2.11-1 or later
- Debian/glibc (lenny): upgrade to 2.7-18lenny4 or later
Is CVE-2008-1391 being exploited?
Moderate: EPSS is 20.0%. Track this CVE, but it is not at the top of the prioritisation list.
Affected packages (2)
- Debian/glibc: all versions from 0, < 2.11-1
- Debian/glibc (lenny): all versions from 0, < 2.7-18lenny4