Heap-Based Buffer Overflow in GNU ed by The GNU Project
CVE-2008-3916

Currently unrated

Key Information:

Vendor: Gnu
Status: Ed
Vendor: CVE Published:; 4 September 2008

Summary

A heap-based buffer overflow vulnerability exists in the strip_escapes function of signal.c in GNU ed prior to version 1.0. This vulnerability allows context-dependent or user-assisted attackers to exploit the system by providing a long filename. Since GNU ed typically runs without special privileges, the vulnerability poses a significant risk only when invoked as part of a third-party component, potentially crossing privilege boundaries and enabling arbitrary code execution. It is crucial for users and system administrators to be aware of this issue and apply necessary mitigations.

References

http://secunia.com/advisories/43068

third-party-advisoryx_refsource_SECUNIA

http://www.vupen.com/english/advisories/2008/3347

vdb-entryx_refsource_VUPEN

https://oval.cisecurity.org/repository/search/definition/...

vdb-entrysignaturex_refsource_OVAL

Timeline

Vulnerability published
Sep 4, 2008
Vulnerability Reserved
Sep 4, 2008