Public exploit available
Public proof-of-concept or exploit code exists (ExploitDB / Metasploit / Nuclei).

CVE-2008-3533Use of Externally-Controlled Format String in Yelp

CWE-134Use of Externally-Controlled Format String9 documents9 sources
Severity
10.0CRITICALNVD
EPSS
13.4%
top 5.80%
CISA KEV
Not in KEV
Exploit
PoC available
Public exploit / PoC exists
Affected products
2
Gnome YelpGnome
Timeline
PublishedAug 18
Latest updateMay 2

Description

Format string vulnerability in the window_error function in yelp-window.c in yelp in Gnome after 2.19.90 and before 2.24 allows remote attackers to execute arbitrary code via format string specifiers in an invalid URI on the command line, as demonstrated by use of yelp within (1) man or (2) ghelp URI handlers in Firefox, Evolution, and unspecified other programs.

CVSS vector

AV:N/AC:L/C:C/I:C/A:CExploitability: 10.0 | Impact: 10.0

Affected Packages3 packages

NVDgnome/yelp< 2.24
Debiangnome/yelp< 2.22.1-4+3
NVDgnome/gnome2.20, 2.22+1

Patches

Patch: bugzilla.gnome.orgPatch: bugs.launchpad.netPatch: bugzilla.gnome.org

🔴Vulnerability Details

3
GHSA
GHSA-4mh5-hw23-j38h: Format string vulnerability in the window_error function in yelp-window2022-05-02
OSV
CVE-2008-3533: Format string vulnerability in the window_error function in yelp-window2008-08-18
CVEList
CVE-2008-3533: Format string vulnerability in the window_error function in yelp-window2008-08-18

💥Exploits & PoCs

1
Exploit-DB
Yelp 2.23.1 - Invalid URI Format String2008-08-13

📋Vendor Advisories

3
Ubuntu
Yelp vulnerability2008-08-27
Red Hat
yelp: Invalid URI format string vulnerability (remote arbitrary code execution)2008-08-11
Debian
CVE-2008-3533: yelp - Format string vulnerability in the window_error function in yelp-window.c in yel...2008

💬Community

1
Bugzilla
CVE-2008-3533 yelp: Invalid URI format string vulnerability (remote arbitrary code execution)2008-08-19
CVE-2008-3533 — Gnome Yelp vulnerability | cvebase