CVE-2008-3546 : Stack-based buffer overflow in the (1) diff_addremove and (2) diff_change functions in GIT before 1.5.6.4 might allow lo

Stack-based buffer overflow in the (1) diff_addremove and (2) diff_change functions in GIT before 1.5.6.4 might allow local users to execute arbitrary code via a PATH whose length is larger than the system's PATH_MAX when running GIT utilities such as git-diff or git-grep.

Published 2008-08-07 21:41:00

Updated 2018-10-11 20:48:35

Source MITRE

View at NVD, CVE.org

Vulnerability category: OverflowExecute code

Exploit prediction scoring system (EPSS) score for CVE-2008-3546

Probability of exploitation activity in the next 30 days: 0.04%

Percentile, the proportion of vulnerabilities that are scored at or less: ~ 8 % EPSS Score History EPSS FAQ

CVSS scores for CVE-2008-3546

Base Score	Base Severity	CVSS Vector	Exploitability Score	Impact Score	Score Source
7.5	HIGH	AV:N/AC:L/Au:N/C:P/I:P/A:P	10.0	6.4	NIST
Access Vector: Network Access Complexity: Low Authentication: None Confidentiality Impact: Partial Integrity Impact: Partial Availability Impact: Partial

CWE ids for CVE-2008-3546

CWE-119 Improper Restriction of Operations within the Bounds of a Memory Buffer

The product performs operations on a memory buffer, but it can read from or write to a memory location that is outside of the intended boundary of the buffer.

Assigned by: nvd@nist.gov (Primary)

References for CVE-2008-3546

Products affected by CVE-2008-3546

GIT » GIT » Version: 1.5.5.3 Update R1
cpe:2.3:a:git:git:1.5.5.3:r1:*:*:*:*:*:*
Matching versions
When used together with: Linux » Parduslinux » Version: 2007
When used together with: Linux » Parduslinux » Version: 2008
GIT » GIT » Version: 1.5.5.4
cpe:2.3:a:git:git:1.5.5.4:*:*:*:*:*:*:*
Matching versions
When used together with: Linux » Parduslinux » Version: 2007
When used together with: Linux » Parduslinux » Version: 2008
GIT » GIT » Version: 1.5.6.3
cpe:2.3:a:git:git:1.5.6.3:*:*:*:*:*:*:*
Matching versions
When used together with: Linux » Parduslinux » Version: 2007
When used together with: Linux » Parduslinux » Version: 2008
GIT » GIT » Version: 1.5.5.3
cpe:2.3:a:git:git:1.5.5.3:*:*:*:*:*:*:*
Matching versions
When used together with: Linux » Parduslinux » Version: 2007
When used together with: Linux » Parduslinux » Version: 2008
GIT » GIT » Version: 1.5.6.1
cpe:2.3:a:git:git:1.5.6.1:*:*:*:*:*:*:*
Matching versions
When used together with: Linux » Parduslinux » Version: 2007
When used together with: Linux » Parduslinux » Version: 2008
GIT » GIT » Version: 1.5.6.2
cpe:2.3:a:git:git:1.5.6.2:*:*:*:*:*:*:*
Matching versions
When used together with: Linux » Parduslinux » Version: 2007
When used together with: Linux » Parduslinux » Version: 2008

Vulnerability Details : CVE-2008-3546

Exploit prediction scoring system (EPSS) score for CVE-2008-3546

CVSS scores for CVE-2008-3546

CWE ids for CVE-2008-3546

References for CVE-2008-3546

Products affected by CVE-2008-3546