CVE-2008-2080

Stack-based buffer overflow in the Read32s_64 function in src/lib/cdfread64.c in the NASA Goddard Space Flight Center Common Data Format (CDF) library before 3.2.1 allows context-dependent attackers to execute arbitrary code via a .cdf file with crafted length tags.

CVSS v2.0 7.5 HIGH

7.5^/10

CVSS v2.0 : HIGH

V2 Legend

Vector : AV:N/AC:L/Au:N/C:P/I:P/A:P

Exploitability : 10.0 / Impact : 6.4

Access Vector NETWORK

Access Complexity LOW

Authentication NONE

Confidentiality Impact PARTIAL

Integrity Impact PARTIAL

Availability Impact PARTIAL

References

Link	Resource
http://cdf.gsfc.nasa.gov/CDF32_buffer_overflow.html
http://secunia.com/advisories/30053
http://secunia.com/advisories/30169
http://security.gentoo.org/glsa/glsa-200805-14.xml
http://www.coresecurity.com/?action=item&id=2260	Exploit Patch
http://www.securityfocus.com/bid/29045
http://www.securitytracker.com/id?1019965
http://www.vupen.com/english/advisories/2008/1440/references
https://exchange.xforce.ibmcloud.com/vulnerabilities/42219
http://cdf.gsfc.nasa.gov/CDF32_buffer_overflow.html
http://secunia.com/advisories/30053
http://secunia.com/advisories/30169
http://security.gentoo.org/glsa/glsa-200805-14.xml
http://www.coresecurity.com/?action=item&id=2260	Exploit Patch
http://www.securityfocus.com/bid/29045
http://www.securitytracker.com/id?1019965
http://www.vupen.com/english/advisories/2008/1440/references
https://exchange.xforce.ibmcloud.com/vulnerabilities/42219

Configurations

Configuration 1 (hide)

OR	cpe:2.3:a:nasa_goddard_space_flight_center:common_data_format::::::::
	cpe:2.3:a:nasa_goddard_space_flight_center:common_data_format:2.0:::::::*
	cpe:2.3:a:nasa_goddard_space_flight_center:common_data_format:2.1:::::::*
	cpe:2.3:a:nasa_goddard_space_flight_center:common_data_format:2.2:::::::*
	cpe:2.3:a:nasa_goddard_space_flight_center:common_data_format:2.3:::::::*
	cpe:2.3:a:nasa_goddard_space_flight_center:common_data_format:2.4:::::::*
	cpe:2.3:a:nasa_goddard_space_flight_center:common_data_format:2.5:::::::*
	cpe:2.3:a:nasa_goddard_space_flight_center:common_data_format:2.6:::::::*
	cpe:2.3:a:nasa_goddard_space_flight_center:common_data_format:2.7:::::::*
	cpe:2.3:a:nasa_goddard_space_flight_center:common_data_format:3.0:::::::*
	cpe:2.3:a:nasa_goddard_space_flight_center:common_data_format:3.1:::::::*

History

21 Nov 2024, 00:46

Type	Values Removed	Values Added
References	~~() http://cdf.gsfc.nasa.gov/CDF32_buffer_overflow.html -~~	() http://cdf.gsfc.nasa.gov/CDF32_buffer_overflow.html -
References	~~() http://secunia.com/advisories/30053 -~~	() http://secunia.com/advisories/30053 -
References	~~() http://secunia.com/advisories/30169 -~~	() http://secunia.com/advisories/30169 -
References	~~() http://security.gentoo.org/glsa/glsa-200805-14.xml -~~	() http://security.gentoo.org/glsa/glsa-200805-14.xml -
References	~~() http://www.coresecurity.com/?action=item&id=2260 - Exploit, Patch~~	() http://www.coresecurity.com/?action=item&id=2260 - Exploit, Patch
References	~~() http://www.securityfocus.com/bid/29045 -~~	() http://www.securityfocus.com/bid/29045 -
References	~~() http://www.securitytracker.com/id?1019965 -~~	() http://www.securitytracker.com/id?1019965 -
References	~~() http://www.vupen.com/english/advisories/2008/1440/references -~~	() http://www.vupen.com/english/advisories/2008/1440/references -
References	~~() https://exchange.xforce.ibmcloud.com/vulnerabilities/42219 -~~	() https://exchange.xforce.ibmcloud.com/vulnerabilities/42219 -

Information

Published : 2008-05-06 15:20

Updated : 2024-11-21 00:46

NVD link : CVE-2008-2080

Mitre link : CVE-2008-2080

CVE.ORG link : CVE-2008-2080

JSON object : View

Products Affected

nasa_goddard_space_flight_center

common_data_format

CWE

CWE-119

Improper Restriction of Operations within the Bounds of a Memory Buffer

7.5 /10