CVE-2009-4020 — Vulnetix

Try Vulnetix Request Demo

CVE-2009-4020 PUBLISHED CVSS 7.800000190734863 HIGH

Stack-based buffer overflow in the hfs subsystem in the Linux kernel 2.6.32 allows remote attackers to have an unspecified impact via a crafted Hierarchical File System (HFS) filesystem, related to the hfs_readdir function in fs/hfs/dir.c.

EPSS 3.81% · 88.0th percentile

Risk Scores

CVSS v2.0

7.800000190734863

EPSS Score

3.81%

88.0th percentile

Affected Products

Vendor	Product	Versions
n/a	n/a	n/a
linux	linux_kernel	2.6.32

Timeline

Dec 4, 2009 CVE Published
May 16, 2012 PoC Published
Feb 4, 2022 EPSS Score
Mar 28, 2022 EPSS Score
Jul 10, 2022 EPSS Score
Sep 1, 2022 EPSS Score
Dec 14, 2022 EPSS Score
Feb 3, 2023 EPSS Score
Feb 4, 2023 EPSS Score
Mar 7, 2023 EPSS Score
Mar 28, 2023 EPSS Score
May 19, 2023 EPSS Score

References

[linux-mm-commits] 20091203 + hfs-fix-a-potential-buffer-overflow.patch added to -mm tree mailing-list
38276 third-party-advisory
oval:org.mitre.oval:def:10091 vdb
http://support.avaya.com/css/P8/documents/100073666 url
[oss-security] 20091204 CVE-2009-4020 kernel: hfs buffer overflow mailing-list
oval:org.mitre.oval:def:6750 vdb
https://bugzilla.redhat.com/show_bug.cgi?id=540736 url
http://userweb.kernel.org/~akpm/mmotm/broken-out/hfs-fix-a-potential-buffer-overflow.patch url
SUSE-SA:2010:019 vendor-advisory
SUSE-SA:2010:023 vendor-advisory
RHSA-2010:0095 vendor-advisory
39742 third-party-advisory
SUSE-SA:2010:005 vendor-advisory
RHSA-2010:0046 vendor-advisory
DSA-2005 vendor-advisory
https://nvd.nist.gov/vuln/detail/CVE-2009-4020 advisory
https://access.redhat.com/errata/RHSA-2010:0046 url
https://access.redhat.com/errata/RHSA-2010:0076 url
https://access.redhat.com/security/cve/CVE-2009-4020 url

Open in Interactive Console →