Vulnerability Details : CVE-2008-1688
Unspecified vulnerability in GNU m4 before 1.4.11 might allow context-dependent attackers to execute arbitrary code, related to improper handling of filenames specified with the -F option. NOTE: it is not clear when this issue crosses privilege boundaries.
Vulnerability category: Execute code
Products affected by CVE-2008-1688
- cpe:2.3:a:gnu:m4:1.4.4:*:*:*:*:*:*:*
- cpe:2.3:a:gnu:m4:1.4.5:*:*:*:*:*:*:*
- cpe:2.3:a:gnu:m4:1.4.6:*:*:*:*:*:*:*
- cpe:2.3:a:gnu:m4:1.4.7:*:*:*:*:*:*:*
- cpe:2.3:a:gnu:m4:1.4.1:*:*:*:*:*:*:*
- cpe:2.3:a:gnu:m4:1.4.10:*:*:*:*:*:*:*
- cpe:2.3:a:gnu:m4:1.4.8:*:*:*:*:*:*:*
- cpe:2.3:a:gnu:m4:1.4.9:*:*:*:*:*:*:*
- cpe:2.3:a:gnu:m4:1.4.2:*:*:*:*:*:*:*
- cpe:2.3:a:gnu:m4:1.4.3:*:*:*:*:*:*:*
Exploit prediction scoring system (EPSS) score for CVE-2008-1688
- EPSS score: 2.97% (probability of exploitation activity in the next 30 days)
- Percentile: ~91% (the proportion of vulnerabilities that are scored at or less)
CVSS scores for CVE-2008-1688
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
---|---|---|---|---|---|---|
7.5 | HIGH | AV:N/AC:L/Au:N/C:P/I:P/A:P | 10.0 | 6.4 | NIST | |
Vendor statements for CVE-2008-1688
- Red Hat (2008-04-15): Red Hat does not consider this to be a security issue. After careful analysis of this issue the Red Hat Security Response Team has determined that this bug has no security impact outside of expected m4 behavior.
References for CVE-2008-1688
- http://www.vupen.com/english/advisories/2008/1151/references (Site under construction)
- http://www.openwall.com/lists/oss-security/2008/04/07/3 (oss-security - Re: Security fixes in m4-1.4.11)
- http://www.securityfocus.com/bid/28688
- http://www.openwall.com/lists/oss-security/2008/04/07/1 (oss-security - Security fixes in m4-1.4.11)
- http://slackware.com/security/viewer.php?l=slackware-security&y=2008&m=slackware-security.510612 (The Slackware Linux Project: Slackware Security Advisories)
- https://exchange.xforce.ibmcloud.com/vulnerabilities/41704 (GNU M4 produce_frozen_state format string CVE-2008-1688 Vulnerability Report)