Информационная безопасность
[RU] switch to English


Многочисленные переполнения буфера в библиотеке WordNet
Опубликовано:2 сентября 2008 г.
Источник:
SecurityVulns ID:9256
Тип:библиотека
Уровень опасности:
5/10
Затронутые продукты:WORDNET : WordNet 3.0
CVE:CVE-2008-3908 (Multiple buffer overflows in Princeton WordNet (wn) 3.0 allow context-dependent attackers to execute arbitrary code via (1) a long argument on the command line; a long (2) WNSEARCHDIR, (3) WNHOME, or (4) WNDBVERSION environment variable; or (5) a user-supplied dictionary (aka data file). NOTE: since WordNet itself does not run with special privileges, this issue only crosses privilege boundaries when WordNet is invoked as a third party component.)
 CVE-2008-2149 (Stack-based buffer overflow in the searchwn function in Wordnet 2.0, 2.1, and 3.0 might allow context-dependent attackers to execute arbitrary code via a long command line option. NOTE: this issue probably does not cross privilege boundaries except in cases in which Wordnet is used as a back end.)
Оригинальный текстdocumentRob Holland, [oCERT-2008-014] WordNet stack and heap overflows (02.09.2008)

О сайте | Условия использования
© SecurityVulns, 3APA3A, Владимир Дубровин
Нижний Новгород