CVE-2008-1687

Currently unrated

Key Information:

Vendor: Gnu
Status: M4
Vendor: CVE Published:; 9 April 2008

Summary

The (1) maketemp and (2) mkstemp builtin functions in GNU m4 before 1.4.11 do not quote their output when a file is created, which might allow context-dependent attackers to trigger a macro expansion, leading to unspecified use of an incorrect filename.

References

http://www.vupen.com/english/advisories/2008/1151/references

vdb-entryx_refsource_VUPEN

http://www.securityfocus.com/bid/28688

vdb-entryx_refsource_BID

http://www.openwall.com/lists/oss-security/2008/04/07/12

mailing-listx_refsource_MLIST

EPSS Score

1% chance of being exploited in the next 30 days.

Timeline

Vulnerability published
Apr 9, 2008
Vulnerability Reserved
Apr 6, 2008