CVE-2008-4933 — Vulnetix

Try Vulnetix Request Demo

CVE-2008-4933 PUBLISHED CVSS 7.800000190734863 HIGH

Buffer overflow in the hfsplus_find_cat function in fs/hfsplus/catalog.c in the Linux kernel before 2.6.28-rc1 allows attackers to cause a denial of service (memory corruption or system crash) via an hfsplus filesystem image with an invalid catalog namelength field, related to the hfsplus_cat_build_key_uni function.

EPSS 1.17% · 78.6th percentile

Risk Scores

CVSS v2.0

7.800000190734863

EPSS Score

1.17%

78.6th percentile

Affected Products

Vendor	Product	Versions
linux	linux_kernel	2.6.27, 0, 2.2.27
n/a	n/a	n/a

Timeline

Nov 5, 2008 CVE Published
Feb 4, 2022 EPSS Score
Mar 28, 2022 EPSS Score
May 19, 2022 EPSS Score
Jul 10, 2022 EPSS Score
Sep 1, 2022 EPSS Score
Dec 14, 2022 EPSS Score
Feb 4, 2023 EPSS Score
Mar 7, 2023 EPSS Score
Mar 28, 2023 EPSS Score
May 19, 2023 EPSS Score
Jul 10, 2023 EPSS Score

References

32998 third-party-advisory
MDVSA-2008:234 vendor-advisory
http://git.kernel.org/?p=linux/kernel/git/stable/linux-2.6.27.y.git%3Ba=commit%3Bh=efc7ffcb4237f8cb9938909041c4ed38f6e1bf40 url
33641 third-party-advisory
linux-kernel-hfsplusfindcat-bo(46405) vdb
32093 vdb
RHSA-2009:0014 vendor-advisory
33556 third-party-advisory
DSA-1687 vendor-advisory
RHSA-2009:0264 vendor-advisory
32918 third-party-advisory
33858 third-party-advisory
USN-679-1 vendor-advisory
oval:org.mitre.oval:def:11061 vdb
[oss-security] 20081103 CVE requests: kernel: hfsplus-related bugs mailing-list
32510 third-party-advisory
33180 third-party-advisory
http://kernel.org/pub/linux/kernel/v2.6/testing/ChangeLog-2.6.28-rc1 url
33704 third-party-advisory
DSA-1681 vendor-advisory

…and 4 more

Open in Interactive Console →