CVE-2008-3908Improper Restriction of Operations within the Bounds of a Memory Buffer in Wordnet

CWE-119Improper Restriction of Operations within the Bounds of a Memory Buffer5 documents5 sources
Severity
10.0CRITICALNVD
EPSS
2.9%
top 13.57%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
7
WordnetDebian WordnetPrinceton University Wordnet+4 more
Timeline
PublishedSep 4
Latest updateJun 11

Description

Multiple buffer overflows in Princeton WordNet (wn) 3.0 allow context-dependent attackers to execute arbitrary code via (1) a long argument on the command line; a long (2) WNSEARCHDIR, (3) WNHOME, or (4) WNDBVERSION environment variable; or (5) a user-supplied dictionary (aka data file). NOTE: since WordNet itself does not run with special privileges, this issue only crosses privilege boundaries when WordNet is invoked as a third party component.

CVSS vector

AV:N/AC:L/C:C/I:C/A:CExploitability: 10.0 | Impact: 10.0

Affected Packages7 packages

debiandebian/wordnet< wordnet 1:3.0-12 (bookworm)
Debianwordnet/wordnet< 1:3.0-12+3

Patches

Patch: www.securityfocus.comPatch: www.securityfocus.com

🔴Vulnerability Details

2
GHSA
GHSA-7rh6-v5xq-4587: Multiple buffer overflows in Princeton WordNet (wn) 32022-05-02
OSV
CVE-2008-3908: Multiple buffer overflows in Princeton WordNet (wn) 32008-09-04

📋Vendor Advisories

2
Microsoft
CVE-2008-3908: NIST NVD Details: https://nvd2024-06-11
Debian
CVE-2008-3908: wordnet - Multiple buffer overflows in Princeton WordNet (wn) 3.0 allow context-dependent ...2008