CVE-2009-1186 — Classic Buffer Overflow in Project Udev

CWE-120 — Classic Buffer Overflow CWE-119 — Improper Restriction of Operations within the Bounds of a Memory Buffer6 documents6 sources

Severity

2.1LOWNVD

EPSS

0.1%

top 75.10%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Udev Project Udev Canonical Ubuntu Linux Debian Linux +5 more

Timeline

PublishedApr 17

Latest updateMay 2

Description

Buffer overflow in the util_path_encode function in udev/lib/libudev-util.c in udev before 1.4.1 allows local users to cause a denial of service (service outage) via vectors that trigger a call with crafted arguments.

CVSS vector

AV:L/AC:L/C:N/I:N/A:PExploitability: 3.9 | Impact: 2.9

Affected Packages5 packages

▶NVDudev_project/udev< 141

▶NVDopensuse/opensuse10.3, 11.0, 11.1+2

▶NVDsuse/linux_enterprise_server10, 11+1

▶NVDsuse/linux_enterprise_desktop10, 11+1

▶NVDsuse/linux_enterprise_debuginfo10, 11+1

Also affects: Debian Linux 4.0, 5.0, Fedora 10, 9, Ubuntu Linux 6.06, 7.10, 8.04, 8.10

Patches

Patch: bugzilla.redhat.com ↗Patch: bugzilla.redhat.com ↗

🔴Vulnerability Details

GHSA

GHSA-m6q5-8596-f8v2: Buffer overflow in the util_path_encode function in udev/lib/libudev-util↗2022-05-02

▶

CVEList

CVE-2009-1186: Buffer overflow in the util_path_encode function in udev/lib/libudev-util↗2009-04-17

▶

📋Vendor Advisories

Red Hat

udev: Buffer overflow in path encoding routine↗2009-04-15

▶

Ubuntu

udev vulnerabilities↗2009-04-15

▶

💬Community

Bugzilla

CVE-2009-1186 udev: Buffer overflow in path encoding routine↗2009-04-09

▶