VDB
CVE-2009-4020
CVE-2009-4020
PUBLISHED
CVSS 7.800000190734863 HIGH
Stack-based buffer overflow in the hfs subsystem in the Linux kernel 2.6.32 allows remote attackers to have an unspecified impact via a crafted Hierarchical File System (HFS) filesystem, related to the hfs_readdir function in fs/hfs/dir.c.
EPSS 5.78% · 90.7th percentile
Risk Scores
CVSS 2.0
7.800000190734863
EPSS Score
5.78%
90.7th percentile
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| n/a | n/a | n/a |
| linux | linux_kernel | 2.6.32 |
Exploit Intelligence
- [linux-mm-commits] 20091203 + hfs-fix-a-potential-buffer-overflow.patch added to -mm tree (circl)
- 38276 (circl)
- oval:org.mitre.oval:def:10091 (circl)
- http://support.avaya.com/css/P8/documents/100073666 (circl)
- [oss-security] 20091204 CVE-2009-4020 kernel: hfs buffer overflow (circl)
- oval:org.mitre.oval:def:6750 (circl)
- https://bugzilla.redhat.com/show_bug.cgi?id=540736 (circl)
- http://userweb.kernel.org/~akpm/mmotm/broken-out/hfs-fix-a-potential-buffer-overflow.patch (circl)
- SUSE-SA:2010:019 (circl)
- SUSE-SA:2010:023 (circl)
…and 7 more exploits
Timeline
- Dec 4, 2009 CVE Published
- May 16, 2012 PoC Published
- Feb 4, 2022 EPSS Score
- Mar 29, 2022 EPSS Score
- Jul 12, 2022 EPSS Score
- Sep 4, 2022 EPSS Score
- Dec 18, 2022 EPSS Score
- Feb 3, 2023 EPSS Score
- Feb 9, 2023 EPSS Score
- Mar 7, 2023 EPSS Score
- Apr 3, 2023 EPSS Score
- May 26, 2023 EPSS Score
References
- [linux-mm-commits] 20091203 + hfs-fix-a-potential-buffer-overflow.patch added to -mm tree mailing-list
- 38276 third-party-advisory
- oval:org.mitre.oval:def:10091 vdb
- http://support.avaya.com/css/P8/documents/100073666 url
- [oss-security] 20091204 CVE-2009-4020 kernel: hfs buffer overflow mailing-list
- oval:org.mitre.oval:def:6750 vdb
- https://bugzilla.redhat.com/show_bug.cgi?id=540736 url
- http://userweb.kernel.org/~akpm/mmotm/broken-out/hfs-fix-a-potential-buffer-overflow.patch url
- SUSE-SA:2010:019 vendor-advisory
- SUSE-SA:2010:023 vendor-advisory
- RHSA-2010:0095 vendor-advisory
- 39742 third-party-advisory
- SUSE-SA:2010:005 vendor-advisory
- RHSA-2010:0046 vendor-advisory
- DSA-2005 vendor-advisory
- https://nvd.nist.gov/vuln/detail/CVE-2009-4020 advisory
- https://access.redhat.com/errata/RHSA-2010:0046 url
- https://access.redhat.com/errata/RHSA-2010:0076 url
- https://access.redhat.com/security/cve/CVE-2009-4020 url