cbcvebase.
CVE-2008-2357
published 2008-05-21

CVE-2008-2357: Stack-based buffer overflow in the split_redraw function in split.c in mtr before 0.73, when invoked with the -p (aka --split) option, allows remote attackers…

PriorityP340medium6.8CVSS 2.0
AVNACMAuNCPIPAP
EPSS
4.71%
90.7th percentile
Stack-based buffer overflow in the split_redraw function in split.c in mtr before 0.73, when invoked with the -p (aka --split) option, allows remote attackers to execute arbitrary code via a crafted DNS PTR record. NOTE: it could be argued that this is a vulnerability in the ns_name_ntop function in resolv/ns_name.c in glibc and the proper fix should be in glibc; if so, then this should not be treated as a vulnerability in mtr.

Affected

57 ranges· showing 25
VendorProductVersion rangeFixed in
debianmtr< mtr 0.73-1 (bookworm)mtr 0.73-1 (bookworm)
matt_kimball_and_roger_wolffmtr<= 0.72
matt_kimball_and_roger_wolffmtr
matt_kimball_and_roger_wolffmtr
matt_kimball_and_roger_wolffmtr
matt_kimball_and_roger_wolffmtr
matt_kimball_and_roger_wolffmtr
matt_kimball_and_roger_wolffmtr
matt_kimball_and_roger_wolffmtr
matt_kimball_and_roger_wolffmtr
matt_kimball_and_roger_wolffmtr
matt_kimball_and_roger_wolffmtr
matt_kimball_and_roger_wolffmtr
matt_kimball_and_roger_wolffmtr
matt_kimball_and_roger_wolffmtr
matt_kimball_and_roger_wolffmtr
matt_kimball_and_roger_wolffmtr
matt_kimball_and_roger_wolffmtr
matt_kimball_and_roger_wolffmtr
matt_kimball_and_roger_wolffmtr
matt_kimball_and_roger_wolffmtr
matt_kimball_and_roger_wolffmtr
matt_kimball_and_roger_wolffmtr
matt_kimball_and_roger_wolffmtr
matt_kimball_and_roger_wolffmtr

CVSS provenance

nvdv2.06.8MEDIUMAV:N/AC:M/Au:N/C:P/I:P/A:P
osv6.8MEDIUM
vendor_debian6.8MEDIUM
vendor_redhat6.8MEDIUM
Stop checking back — get the weekly exploitation signal.

Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.