CVE-2008-4933
PUBLISHED
CVSS 7.8 HIGH
Buffer overflow in the hfsplus_find_cat function in fs/hfsplus/catalog.c in the Linux kernel before 2.6.28-rc1 allows attackers to cause a denial of service (memory corruption or system crash) via an hfsplus filesystem image with an invalid catalog namelength field, related to the hfsplus_cat_build_key_uni function.
EPSS 1.17% · 79.0th percentile
Risk Scores
CVSS 2.0
7.8
EPSS Score
1.17%
79.0th percentile
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| linux | linux_kernel | 2.6.27, 2.6, 0 |
Exploit Intelligence
- 32998 (circl)
- MDVSA-2008:234 (circl)
- http://git.kernel.org/?p=linux/kernel/git/stable/linux-2.6.27.y.git%3Ba=commit%3Bh=efc7ffcb4237f8cb9938909041c4ed38f6e1bf40 (circl)
- 33641 (circl)
- linux-kernel-hfsplusfindcat-bo(46405) (circl)
- 32093 (circl)
- RHSA-2009:0014 (circl)
- 33556 (circl)
- DSA-1687 (circl)
- RHSA-2009:0264 (circl)
…and 12 more exploits
Timeline
- Nov 5, 2008 CVE Published
- Feb 4, 2022 EPSS Score
- Mar 29, 2022 EPSS Score
- May 20, 2022 EPSS Score
- Jul 12, 2022 EPSS Score
- Sep 4, 2022 EPSS Score
- Dec 18, 2022 EPSS Score
- Feb 9, 2023 EPSS Score
- Mar 7, 2023 EPSS Score
- Apr 3, 2023 EPSS Score
- May 25, 2023 EPSS Score
- Jul 17, 2023 EPSS Score
References
- 32998 third-party-advisory
- MDVSA-2008:234 vendor-advisory
- http://git.kernel.org/?p=linux/kernel/git/stable/linux-2.6.27.y.git%3Ba=commit%3Bh=efc7ffcb4237f8cb9938909041c4ed38f6e1bf40 url
- 33641 third-party-advisory
- linux-kernel-hfsplusfindcat-bo(46405) vdb
- 32093 vdb
- RHSA-2009:0014 vendor-advisory
- 33556 third-party-advisory
- DSA-1687 vendor-advisory
- RHSA-2009:0264 vendor-advisory
- 32918 third-party-advisory
- 33858 third-party-advisory
- USN-679-1 vendor-advisory
- oval:org.mitre.oval:def:11061 vdb
- [oss-security] 20081103 CVE requests: kernel: hfsplus-related bugs mailing-list
- 32510 third-party-advisory
- 33180 third-party-advisory
- http://kernel.org/pub/linux/kernel/v2.6/testing/ChangeLog-2.6.28-rc1 url
- 33704 third-party-advisory
- DSA-1681 vendor-advisory
…and 4 more