CVE-2008-4395 — Improper Restriction of Operations within the Bounds of a Memory Buffer in Linux Kernel

CWE-119 — Improper Restriction of Operations within the Bounds of a Memory Buffer7 documents6 sources

Severity

8.3HIGHNVD

EPSS

3.0%

top 13.44%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Ubuntu Linux Kernel Linux Kernel

Timeline

PublishedNov 6

Latest updateMay 2

Description

Multiple buffer overflows in the ndiswrapper module 1.53 for the Linux kernel 2.6 allow remote attackers to execute arbitrary code by sending packets over a local wireless network that specify long ESSIDs.

CVSS vector

AV:A/AC:L/C:C/I:C/A:CExploitability: 6.5 | Impact: 10.0

Affected Packages2 packages

▶NVDubuntu/linux_kernel2.6.26

▶NVDlinux/linux_kernel2.6

🔴Vulnerability Details

GHSA

GHSA-cfmc-g2m2-7ffx: Multiple buffer overflows in the ndiswrapper module 1↗2022-05-02

▶

CVEList

CVE-2008-4395: Multiple buffer overflows in the ndiswrapper module 1↗2008-11-06

▶

OSV

CVE-2008-4395: Multiple buffer overflows in the ndiswrapper module 1↗2008-11-06

▶

📋Vendor Advisories

Ubuntu

Ubuntu kernel modules vulnerability↗2008-11-06

▶

Ubuntu

Linux kernel vulnerabilities↗2008-11-05

▶

Red Hat

CVE-2008-4395: Multiple buffer overflows in the ndiswrapper module 1↗

▶