cbcvebase.
CVE-2008-2266
published 2008-05-16

CVE-2008-2266: uulib/uunconc.c in UUDeview 0.5.20, as used in nzbget before 0.3.0 and possibly other products, allows local users to overwrite arbitrary files via a symlink…

PriorityP413medium4.4CVSS 2.0
AVLACMAuNCPIPAP
EPSS
0.32%
23.9th percentile
uulib/uunconc.c in UUDeview 0.5.20, as used in nzbget before 0.3.0 and possibly other products, allows local users to overwrite arbitrary files via a symlink attack on a temporary filename generated by the tempnam function. NOTE: this may be a CVE-2004-2265 regression.

Affected

14 ranges
VendorProductVersion rangeFixed in
debianlibconvert-uulib-perl< uudeview 0.5.20-3.1 (bookworm)uudeview 0.5.20-3.1 (bookworm)
debianpan< uudeview 0.5.20-3.1 (bookworm)uudeview 0.5.20-3.1 (bookworm)
debianuudeview< uudeview 0.5.20-3.1 (bookworm)uudeview 0.5.20-3.1 (bookworm)
nzbgetnzbget<= 0.2.2
nzbgetnzbget
nzbgetnzbget
nzbgetnzbget
nzbgetnzbget
nzbgetnzbget
uudeviewuudeview
uudeviewuudeview>= 0 < 0.5.20-3.10.5.20-3.1
uudeviewuudeview>= 0 < 0.5.20-3.10.5.20-3.1
uudeviewuudeview>= 0 < 0.5.20-3.10.5.20-3.1
uudeviewuudeview>= 0 < 0.5.20-3.10.5.20-3.1

CVSS provenance

nvdv2.04.4MEDIUMAV:L/AC:M/Au:N/C:P/I:P/A:P
osv7.2HIGH
vendor_debian7.2LOW
Stop checking back — get the weekly exploitation signal.

Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.