Security Flaw in GNU m4 Leading to Macro Expansion Issues
CVE-2008-1687

Currently unrated

Key Information:

Vendor
Gnu
Status
M4
Vendor
CVE Published:
9 April 2008

Summary

The GNU m4 utility contains a security flaw due to improper handling of the maketemp and mkstemp functions, which do not properly quote their output during file creation. This oversight enables attackers to exploit the system using crafted inputs that trigger unintended macro expansions. As a result, it may lead to the creation of files with incorrect names, potentially causing unpredictable behaviors or further exploitation within context-sensitive environments.

References

http://www.vupen.com/english/advisories/2008/1151/references
vdb-entryx_refsource_VUPEN
http://www.securityfocus.com/bid/28688
vdb-entryx_refsource_BID
http://www.openwall.com/lists/oss-security/2008/04/07/12
mailing-listx_refsource_MLIST

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.