Heap-Based Buffer Overflow in GNU ed by The GNU Project
CVE-2008-3916

Currently unrated

Key Information:

Vendor
Gnu
Status
Vendor
CVE Published:
4 September 2008

Summary

A heap-based buffer overflow vulnerability exists in the strip_escapes function of signal.c in GNU ed prior to version 1.0. This vulnerability allows context-dependent or user-assisted attackers to exploit the system by providing a long filename. Since GNU ed typically runs without special privileges, the vulnerability poses a significant risk only when invoked as part of a third-party component, potentially crossing privilege boundaries and enabling arbitrary code execution. It is crucial for users and system administrators to be aware of this issue and apply necessary mitigations.

References

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.