CVE-2008-4197
published 2008-09-27CVE-2008-4197: Opera before 9.52 on Windows, Linux, FreeBSD, and Solaris, when processing custom shortcut and menu commands, can produce argument strings that contain…
PriorityP345high8.8CVSS 3.1
AVNACLPRNUIRSUCHIHAH
EPSS
6.33%
92.8th percentile
Opera before 9.52 on Windows, Linux, FreeBSD, and Solaris, when processing custom shortcut and menu commands, can produce argument strings that contain uninitialized memory, which might allow user-assisted remote attackers to execute arbitrary code or conduct other attacks via vectors related to activation of a shortcut.
Affected
1 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| opera | opera_browser | < 9.52 | 9.52 |
CVSS provenance
nvdv3.18.8HIGHCVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
nvdv2.09.3CRITICALAV:N/AC:M/Au:N/C:C/I:C/A:C
Stop checking back — get the weekly exploitation signal.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
No detection rules found.
No public exploits indexed.
No writeups or analysis indexed.
CWE
Improper Initialization
mitre_cwe
CWE-665 Improper Initialization
CWE-665: Improper Initialization
The product does not initialize or incorrectly initializes a resource, which might leave the resource in an unexpected state when it is accessed or used.
This can have security implications when the associated resource is expected to have certain properties or values, such as a variable that determines whether a user has been authenticated or not.
Modes of Introduction:
Phase: Implementation
Note: This weakness can occur in code paths that are not well-tested, such as rare error conditions. This is because the use of uninitialized data would be noticed as a bug during frequently-used functionality.
Phase: Operation
Common Consequences:
Scope: Confidentiality. Impact: Read Memory, Read Application Data. When reusing a resource such as memory or a program
CWE
Use of Uninitialized Resource
mitre_cwe
CWE-908 Use of Uninitialized Resource
CWE-908: Use of Uninitialized Resource
The product uses or accesses a resource that has not been initialized.
When a resource has not been properly initialized, the product may behave unexpectedly. This may lead to a crash or invalid memory access, but the consequences vary depending on the type of resource and how it is used within the product.
Modes of Introduction:
Phase: Implementation
Common Consequences:
Scope: Confidentiality. Impact: Read Memory, Read Application Data. When reusing a resource such as memory or a program variable, the original contents of that resource may not be cleared before it is sent to an untrusted party.
Scope: Availability. Impact: DoS: Crash, Exit, or Restart. The uninitialized resource may contain values that cause program flow to change in ways that t
http://bugs.gentoo.org/show_bug.cgi?id=235298http://secunia.com/advisories/31549http://secunia.com/advisories/32538http://security.gentoo.org/glsa/glsa-200811-01.xmlhttp://www.openwall.com/lists/oss-security/2008/09/19/2http://www.openwall.com/lists/oss-security/2008/09/24/4http://www.opera.com/docs/changelogs/freebsd/952/http://www.opera.com/docs/changelogs/linux/952/http://www.opera.com/docs/changelogs/solaris/952/http://www.opera.com/docs/changelogs/windows/952/http://www.opera.com/support/search/view/894/http://www.securityfocus.com/bid/30768http://www.securitytracker.com/id?1020720http://www.vupen.com/english/advisories/2008/2416https://exchange.xforce.ibmcloud.com/vulnerabilities/44552http://bugs.gentoo.org/show_bug.cgi?id=235298http://secunia.com/advisories/31549http://secunia.com/advisories/32538http://security.gentoo.org/glsa/glsa-200811-01.xmlhttp://www.openwall.com/lists/oss-security/2008/09/19/2http://www.openwall.com/lists/oss-security/2008/09/24/4http://www.opera.com/docs/changelogs/freebsd/952/http://www.opera.com/docs/changelogs/linux/952/http://www.opera.com/docs/changelogs/solaris/952/http://www.opera.com/docs/changelogs/windows/952/http://www.opera.com/support/search/view/894/http://www.securityfocus.com/bid/30768http://www.securitytracker.com/id?1020720http://www.vupen.com/english/advisories/2008/2416https://exchange.xforce.ibmcloud.com/vulnerabilities/44552
2008-09-27
Published