CVE-2008-2149 — Improper Restriction of Operations within the Bounds of a Memory Buffer in Wordnet

CWE-119 — Improper Restriction of Operations within the Bounds of a Memory Buffer5 documents5 sources

Severity

7.5HIGHNVD

EPSS

1.5%

top 19.12%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Wordnet Debian Wordnet Msrc Azure Linux 3.0 ARM +3 more

Timeline

PublishedMay 12

Latest updateJun 11

Description

Stack-based buffer overflow in the searchwn function in Wordnet 2.0, 2.1, and 3.0 might allow context-dependent attackers to execute arbitrary code via a long command line option. NOTE: this issue probably does not cross privilege boundaries except in cases in which Wordnet is used as a back end.

CVSS vector

AV:N/AC:L/C:P/I:P/A:PExploitability: 10.0 | Impact: 6.4

Affected Packages7 packages

▶debiandebian/wordnet< wordnet 1:3.0-10 (bookworm)

▶Debianwordnet/wordnet< 1:3.0-10+3

▶NVDwordnet/wordnet2.0, 2.1, 3.0+2

▶msrcmsrc/azure_linux_3.0_arm

▶msrcmsrc/azure_linux_3.0_x64

🔴Vulnerability Details

GHSA

GHSA-4hrh-x42w-7jw8: Stack-based buffer overflow in the searchwn function in Wordnet 2↗2022-05-01

▶

OSV

CVE-2008-2149: Stack-based buffer overflow in the searchwn function in Wordnet 2↗2008-05-12

▶

📋Vendor Advisories

Microsoft

CVE-2008-2149: NIST NVD Details: https://nvd↗2024-06-11

▶

Debian

CVE-2008-2149: wordnet - Stack-based buffer overflow in the searchwn function in Wordnet 2.0, 2.1, and 3....↗2008

▶