Security Flaw in GNU m4 Leading to Macro Expansion Issues
CVE-2008-1687

Currently unrated

Key Information:

Vendor: Gnu
Status: M4
Vendor: CVE Published:; 9 April 2008

What is CVE-2008-1687?

The GNU m4 utility contains a security flaw due to improper handling of the maketemp and mkstemp functions, which do not properly quote their output during file creation. This oversight enables attackers to exploit the system using crafted inputs that trigger unintended macro expansions. As a result, it may lead to the creation of files with incorrect names, potentially causing unpredictable behaviors or further exploitation within context-sensitive environments.

References

http://www.vupen.com/english/advisories/2008/1151/references

vdb-entryx_refsource_VUPEN

http://www.securityfocus.com/bid/28688

vdb-entryx_refsource_BID

http://www.openwall.com/lists/oss-security/2008/04/07/12

mailing-listx_refsource_MLIST

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Apr 9, 2008
Vulnerability Reserved
Apr 6, 2008

Gnu

What is CVE-2008-1687?

References

Timeline