VYPR
Unrated severityNVD Advisory· Published Aug 5, 2008· Updated Jun 16, 2026

CVE-2008-3389

CVE-2008-3389

Description

Stack-based buffer overflow in the libbecompat library in Ingres 2.6, Ingres 2006 release 1 (aka 9.0.4), and Ingres 2006 release 2 (aka 9.1.0) on Linux and HP-UX allows local users to gain privileges by setting a long value of an environment variable before running (1) verifydb, (2) iimerge, or (3) csreport.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Affected products

5
  • Actian/Ingres4 versions
    cpe:2.3:a:ingres:ingres:2006:9.0.4:*:*:*:*:*:*+ 3 more
    • cpe:2.3:a:ingres:ingres:2006:9.0.4:*:*:*:*:*:*
    • cpe:2.3:a:ingres:ingres:2006:9.1.0:*:*:*:*:*:*
    • cpe:2.3:a:ingres:ingres:2.6:*:*:*:*:*:*:*
    • (no CPE)

Patches

Vulnerability mechanics

References

11

News mentions

0

No linked articles in our index yet.