Heap-Based Buffer Overflow in GNU ed by The GNU Project
CVE-2008-3916
Currently unrated
What is CVE-2008-3916?
A heap-based buffer overflow exists in the strip_escapes function of signal.c in GNU ed prior to version 1.0. Context-dependent or user-assisted attackers can trigger it by providing a long filename. Because GNU ed typically runs without special privileges, the vulnerability poses a significant risk only when ed is invoked as part of a third-party component, where it can potentially cross privilege boundaries and enable arbitrary code execution. Users and system administrators should be aware of this issue and apply the necessary mitigations.
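The bug class described above, as an added example that is not GNU ed's source code: a constructed escape-stripping routine that copies into a fixed-size heap buffer, beside a version that sizes the buffer from the input. The function names, the 255-byte `FIXED_LIMIT` and the `max_len` parameter are assumptions made for illustration.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

#define FIXED_LIMIT 255  /* assumed fixed name limit, for illustration only */

/* Constructed vulnerable pattern: the heap buffer is sized from a fixed
 * limit, but the copy loop stops only at the input's NUL terminator, so a
 * name longer than FIXED_LIMIT writes past the allocation. */
char *strip_escapes_unsafe(const char *s)
{
    char *out = malloc(FIXED_LIMIT + 1);
    size_t i = 0;
    if (!out) return NULL;
    while ((out[i++] = (*s == '\\' && s[1]) ? *++s : *s))
        s++;
    return out;
}

/* Hardened form: reject names over max_len, then allocate from the input
 * length. Removing backslashes never makes the output longer than the
 * input, so strlen(s) + 1 bytes always suffice. Caller frees the result. */
char *strip_escapes_safe(const char *s, size_t max_len)
{
    size_t n = strlen(s), i = 0;
    char *out;
    if (n > max_len) return NULL;
    out = malloc(n + 1);
    if (!out) return NULL;
    for (; *s; s++) {
        if (*s == '\\' && s[1]) s++;   /* drop the escape, keep next char */
        out[i++] = *s;
    }
    out[i] = '\0';
    return out;
}

int main(void)
{
    char longname[1001];                 /* constructed over-long filename */
    memset(longname, 'A', 1000);
    longname[1000] = '\0';
    char *ok = strip_escapes_safe("my\\ file.txt", FIXED_LIMIT);
    char *rejected = strip_escapes_safe(longname, FIXED_LIMIT);
    printf("%s / %s\n", ok ? ok : "(null)", rejected ? "accepted" : "rejected");
    free(ok);
    free(rejected);
    return 0;
}
```

A component that passes filenames it does not control to a helper program can apply the same length check before the call, so the limit is enforced on the caller's side of the privilege boundary.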