Unrated severity · NVD Advisory · Published Mar 27, 2008 · Updated Jun 16, 2026
CVE-2008-1391
Description
Multiple integer overflows in libc in NetBSD 4.x, FreeBSD 6.x and 7.x, and probably other BSD and Apple Mac OS platforms allow context-dependent attackers to execute arbitrary code via large values of certain integer fields in the format argument to (1) the strfmon function in lib/libc/stdlib/strfmon.c, related to the GET_NUMBER macro; and (2) the printf function, related to left_prec and right_prec.
Affected products (12)
- cpe:2.3:o:freebsd:freebsd:6.0:*:*:*:*:*:*:*
- cpe:2.3:o:freebsd:freebsd:6.0_p5_release:*:*:*:*:*:*:*
- cpe:2.3:o:freebsd:freebsd:6.0:release:*:*:*:*:*:*
- cpe:2.3:o:freebsd:freebsd:6.0:stable:*:*:*:*:*:*
- cpe:2.3:o:freebsd:freebsd:7.0:*:*:*:*:*:*:*
- cpe:2.3:o:freebsd:freebsd:7.0_beta4:*:*:*:*:*:*:*
- cpe:2.3:o:freebsd:freebsd:7.0:pre-release:*:*:*:*:*:*
- cpe:2.3:o:freebsd:freebsd:7.0_releng:*:*:*:*:*:*:*
- Range: unknown
References (15)
- securityreason.com/achievement_securityalert/53 [nvd, Exploit]
- securityreason.com/securityalert/3770 [nvd, Exploit]
- www.us-cert.gov/cas/techalerts/TA08-350A.html [nvd, US Government Resource]
- cvsweb.netbsd.org/bsdweb.cgi/src/lib/libc/stdlib/strfmon.c [nvd]
- lists.apple.com/archives/security-announce//2008//Dec/msg00000.html [nvd]
- secunia.com/advisories/29574 [nvd]
- secunia.com/advisories/33179 [nvd]
- support.apple.com/kb/HT3338 [nvd]
- www.debian.org/security/2010/dsa-2058 [nvd]
- www.securityfocus.com/archive/1/490158/100/0/threaded [nvd]
- www.securityfocus.com/bid/28479 [nvd]
- www.securitytracker.com/id [nvd]
- www.vupen.com/english/advisories/2008/3444 [nvd]
- exchange.xforce.ibmcloud.com/vulnerabilities/41504 [nvd]
- lists.opensuse.org/opensuse-security-announce/2010-10/msg00007.html [nvd]