CVE-2008-1391 SUSE CVE security@suse.de SUSE Security Team SUSE CVE-2008-1391 Interim 1 11 2024-10-24T02:14:48Z current 2021-05-30T12:42:11Z 2024-10-24T02:14:48Z cve-database/bin/generate-cvrf-cve.pl 2020-12-27T01:00:00Z CVE-2008-1391 Multiple integer overflows in libc in NetBSD 4.x, FreeBSD 6.x and 7.x, and probably other BSD and Apple Mac OS platforms allow context-dependent attackers to execute arbitrary code via large values of certain integer fields in the format argument to (1) the strfmon function in lib/libc/stdlib/strfmon.c, related to the GET_NUMBER macro; and (2) the printf function, related to left_prec and right_prec. The CVRF data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0). https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/4GV6CUGE3JGTZZUYVACC3MINIWE4G3TS/#4GV6CUGE3JGTZZUYVACC3MINIWE4G3TS E-Mail link for SUSE-SA:2010:052 https://www.suse.com/support/security/rating/ SUSE Security Ratings SUSE Linux Enterprise Desktop 11 SUSE Linux Enterprise Software Development Kit 11 SUSE Linux Enterprise Server 11 SUSE Linux Enterprise Software Development Kit 11 SUSE Linux Enterprise Software Development Kit 11 glibc glibc-devel glibc-html glibc-i18ndata glibc-info glibc-locale glibc-profile nscd glibc as a component of SUSE Linux Enterprise Desktop 11 glibc as a component of SUSE Linux Enterprise Server 11 glibc-devel as a component of SUSE Linux Enterprise Server 11 glibc-html as a component of SUSE Linux Enterprise Server 11 glibc-i18ndata as a component of SUSE Linux Enterprise Server 11 glibc-info as a component of SUSE Linux Enterprise Server 11 glibc-locale as a component of SUSE Linux Enterprise Server 11 glibc-profile as a component of SUSE Linux Enterprise Server 11 nscd as a component of SUSE Linux Enterprise Server 11 glibc as a component of SUSE Linux Enterprise Software Development Kit 11 Multiple integer overflows in libc in NetBSD 4.x, FreeBSD 6.x and 7.x, and probably other BSD and Apple Mac OS platforms allow context-dependent attackers to execute arbitrary code via large values of certain integer fields in the format argument to (1) the strfmon function in lib/libc/stdlib/strfmon.c, related to the GET_NUMBER macro; and (2) the printf function, related to left_prec and right_prec. CVE-2008-1391 important 7.5 AV:N/AC:L/Au:N/C:P/I:P/A:P