CVE-2008-2080

Stack-based buffer overflow in the Read32s_64 function in src/lib/cdfread64.c in the NASA Goddard Space Flight Center Common Data Format (CDF) library before 3.2.1 allows context-dependent attackers to execute arbitrary code via a .cdf file with crafted length tags.

CVSS v2.0 7.5 HIGH

7.5^/10

CVSS v2.0 : HIGH

Vector : AV:N/AC:L/Au:N/C:P/I:P/A:P

Exploitability : 10.0 / Impact : 6.4

Access Vector NETWORK

Access Complexity LOW

Authentication NONE

Confidentiality Impact PARTIAL

Integrity Impact PARTIAL

Availability Impact PARTIAL

References

Link	Resource
http://cdf.gsfc.nasa.gov/CDF32_buffer_overflow.html
http://secunia.com/advisories/30053
http://secunia.com/advisories/30169
http://security.gentoo.org/glsa/glsa-200805-14.xml
http://www.coresecurity.com/?action=item&id=2260	Exploit Patch
http://www.securityfocus.com/bid/29045
http://www.securitytracker.com/id?1019965
http://www.vupen.com/english/advisories/2008/1440/references
https://exchange.xforce.ibmcloud.com/vulnerabilities/42219

Configurations

Configuration 1 (hide)

OR	cpe:2.3:a:nasa_goddard_space_flight_center:common_data_format::::::::
	cpe:2.3:a:nasa_goddard_space_flight_center:common_data_format:2.0:::::::*
	cpe:2.3:a:nasa_goddard_space_flight_center:common_data_format:2.1:::::::*
	cpe:2.3:a:nasa_goddard_space_flight_center:common_data_format:2.2:::::::*
	cpe:2.3:a:nasa_goddard_space_flight_center:common_data_format:2.3:::::::*
	cpe:2.3:a:nasa_goddard_space_flight_center:common_data_format:2.4:::::::*
	cpe:2.3:a:nasa_goddard_space_flight_center:common_data_format:2.5:::::::*
	cpe:2.3:a:nasa_goddard_space_flight_center:common_data_format:2.6:::::::*
	cpe:2.3:a:nasa_goddard_space_flight_center:common_data_format:2.7:::::::*
	cpe:2.3:a:nasa_goddard_space_flight_center:common_data_format:3.0:::::::*
	cpe:2.3:a:nasa_goddard_space_flight_center:common_data_format:3.1:::::::*

History

No history.

Information

Published : 2008-05-06 15:20

Updated : 2024-02-04 17:33

NVD link : CVE-2008-2080

Mitre link : CVE-2008-2080

CVE.ORG link : CVE-2008-2080

JSON object : View

Products Affected

nasa_goddard_space_flight_center

common_data_format

CWE

CWE-119

Improper Restriction of Operations within the Bounds of a Memory Buffer

{"id": "CVE-2008-2080", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 7.5, "accessVector": "NETWORK", "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "authentication": "NONE", "integrityImpact": "PARTIAL", "accessComplexity": "LOW", "availabilityImpact": "PARTIAL", "confidentialityImpact": "PARTIAL"}, "acInsufInfo": false, "impactScore": 6.4, "baseSeverity": "HIGH", "obtainAllPrivilege": false, "exploitabilityScore": 10.0, "obtainUserPrivilege": false, "obtainOtherPrivilege": true, "userInteractionRequired": false}]}, "published": "2008-05-06T15:20:00.000", "references": [{"url": "http://cdf.gsfc.nasa.gov/CDF32_buffer_overflow.html", "source": "cve@mitre.org"}, {"url": "http://secunia.com/advisories/30053", "source": "cve@mitre.org"}, {"url": "http://secunia.com/advisories/30169", "source": "cve@mitre.org"}, {"url": "http://security.gentoo.org/glsa/glsa-200805-14.xml", "source": "cve@mitre.org"}, {"url": "http://www.coresecurity.com/?action=item&id=2260", "tags": ["Exploit", "Patch"], "source": "cve@mitre.org"}, {"url": "http://www.securityfocus.com/bid/29045", "source": "cve@mitre.org"}, {"url": "http://www.securitytracker.com/id?1019965", "source": "cve@mitre.org"}, {"url": "http://www.vupen.com/english/advisories/2008/1440/references", "source": "cve@mitre.org"}, {"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/42219", "source": "cve@mitre.org"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-119"}]}], "descriptions": [{"lang": "en", "value": "Stack-based buffer overflow in the Read32s_64 function in src/lib/cdfread64.c in the NASA Goddard Space Flight Center Common Data Format (CDF) library before 3.2.1 allows context-dependent attackers to execute arbitrary code via a .cdf file with crafted length tags."}, {"lang": "es", "value": "Desbordamiento de b\u00fafer basado en pila en la funci\u00f3n Read32s_64 de src/lib/cdfread64.c en la librer\u00eda NASA Goddard Space Flight Center Common Data Format (CDF) anterior a 3.2.1 permite a atacantes dependientes del contexto ejecutar c\u00f3digo de su elecci\u00f3n mediante un archivo .cdf con etiquetas de longitud largas."}], "lastModified": "2017-08-08T01:30:44.667", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:nasa_goddard_space_flight_center:common_data_format:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "41A21366-AE55-4CB8-B425-01528FD23D64", "versionEndIncluding": "3.2"}, {"criteria": "cpe:2.3:a:nasa_goddard_space_flight_center:common_data_format:2.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "0027323F-5D3F-414D-A123-9EF129FA541F"}, {"criteria": "cpe:2.3:a:nasa_goddard_space_flight_center:common_data_format:2.1:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "4E159F33-74D3-46BA-BB77-93E8002A6945"}, {"criteria": "cpe:2.3:a:nasa_goddard_space_flight_center:common_data_format:2.2:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "42BDA289-612E-44D7-8894-C36D70B8516C"}, {"criteria": "cpe:2.3:a:nasa_goddard_space_flight_center:common_data_format:2.3:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "724374E5-F56C-4133-81DC-CD190A67119C"}, {"criteria": "cpe:2.3:a:nasa_goddard_space_flight_center:common_data_format:2.4:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "0BD4B2FA-522D-453A-8C3A-C7700247D3E4"}, {"criteria": "cpe:2.3:a:nasa_goddard_space_flight_center:common_data_format:2.5:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "DA061A11-74B3-4F67-937A-6E683368303A"}, {"criteria": "cpe:2.3:a:nasa_goddard_space_flight_center:common_data_format:2.6:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "4558EA11-DB7B-4B74-8ECE-CBB6F9BDF49B"}, {"criteria": "cpe:2.3:a:nasa_goddard_space_flight_center:common_data_format:2.7:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "EA741B5E-EB75-46C2-A3D6-7E2BFCEF1F20"}, {"criteria": "cpe:2.3:a:nasa_goddard_space_flight_center:common_data_format:3.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "E6B185C0-2DF9-4FD2-BD05-2C9487DDD96B"}, {"criteria": "cpe:2.3:a:nasa_goddard_space_flight_center:common_data_format:3.1:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "B17EAF8B-6AC6-481D-A4F5-0E1B57EA92CD"}], "operator": "OR"}]}], "sourceIdentifier": "cve@mitre.org"}