Unrated severityNVD Advisory· Published Apr 27, 2008· Updated Apr 23, 2026

CVE-2008-1994

Description

Multiple stack-based buffer overflows in (a) acon.c, (b) menu.c, and (c) child.c in Acon 1.0.5-5 through 1.0.5-7 allow local users to execute arbitrary code via (1) a long HOME environment variable or (2) a large number of terminal columns.

Affected products

Ahmed Abdel Hamid Mohamed/Acon3 versions
cpe:2.3:a:ahmed_abdel-hamid_mohamed:acon:1.0.5-5:*:*:*:*:*:*:*+ 2 more
- cpe:2.3:a:ahmed_abdel-hamid_mohamed:acon:1.0.5-5:*:*:*:*:*:*:*
- cpe:2.3:a:ahmed_abdel-hamid_mohamed:acon:1.0.5-6:*:*:*:*:*:*:*
- cpe:2.3:a:ahmed_abdel-hamid_mohamed:acon:1.0.5-7:*:*:*:*:*:*:*

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

secunia.com/advisories/29909nvdVendor Advisory
bugs.debian.org/cgi-bin/bugreport.cginvd
bugs.debian.org/cgi-bin/bugreport.cginvd
www.securityfocus.com/bid/28862nvd
exchange.xforce.ibmcloud.com/vulnerabilities/41915nvd

News mentions

No linked articles in our index yet.

cvss	0.000
epss	0.000
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000