Public exploit available
Public proof-of-concept or exploit code exists (ExploitDB / Metasploit / Nuclei).
CVE-2008-1391 — Integer Overflow or Wraparound in Freebsd
Severity
7.5HIGHNVD
EPSS
19.1%
top 4.66%
CISA KEV
Not in KEV
Exploit
PoC available
Public exploit / PoC exists
Timeline
PublishedMar 27
Latest updateMay 1
Description
Multiple integer overflows in libc in NetBSD 4.x, FreeBSD 6.x and 7.x, and probably other BSD and Apple Mac OS platforms allow context-dependent attackers to execute arbitrary code via large values of certain integer fields in the format argument to (1) the strfmon function in lib/libc/stdlib/strfmon.c, related to the GET_NUMBER macro; and (2) the printf function, related to left_prec and right_prec.
CVSS vector
AV:N/AC:L/C:P/I:P/A:PExploitability: 10.0 | Impact: 6.4
Affected Packages1 packages
Also affects: Netbsd 4.0, Freebsd 6.0, 6.0_p5_release, 7.0, 7.0_beta4, 7.0_releng
🔴Vulnerability Details
3💥Exploits & PoCs
1📋Vendor Advisories
5Debian▶
CVE-2008-1391: glibc - Multiple integer overflows in libc in NetBSD 4.x, FreeBSD 6.x and 7.x, and proba...↗2008