Unrated severityNVD Advisory· Published Nov 1, 2008· Updated Apr 23, 2026

CVE-2008-4865

Description

Untrusted search path vulnerability in valgrind before 3.4.0 allows local users to execute arbitrary programs via a Trojan horse .valgrindrc file in the current working directory, as demonstrated using a malicious --db-command options. NOTE: the severity of this issue has been disputed, but CVE is including this issue because execution of a program from an untrusted directory is a common scenario.

Affected products

Valgrind/Valgrind22 versions
cpe:2.3:a:valgrind:valgrind:*:rc1:*:*:*:*:*:*+ 21 more
- cpe:2.3:a:valgrind:valgrind:*:rc1:*:*:*:*:*:*range: <=3.4.0
- cpe:2.3:a:valgrind:valgrind:1.9.6:*:*:*:*:*:*:*
- cpe:2.3:a:valgrind:valgrind:2.0.0:*:*:*:*:*:*:*
- cpe:2.3:a:valgrind:valgrind:2.1.0:*:*:*:*:*:*:*
- cpe:2.3:a:valgrind:valgrind:2.1.1:*:*:*:*:*:*:*
- cpe:2.3:a:valgrind:valgrind:2.2.0:*:*:*:*:*:*:*
- cpe:2.3:a:valgrind:valgrind:2.4.1:*:*:*:*:*:*:*
- cpe:2.3:a:valgrind:valgrind:2.4.1:*:powerpc:*:*:*:*:*
- cpe:2.3:a:valgrind:valgrind:3.0.0:*:*:*:*:*:*:*
- cpe:2.3:a:valgrind:valgrind:3.0.1:*:*:*:*:*:*:*
- cpe:2.3:a:valgrind:valgrind:3.1.0:*:*:*:*:*:*:*
- cpe:2.3:a:valgrind:valgrind:3.1.1:*:*:*:*:*:*:*
- cpe:2.3:a:valgrind:valgrind:3.2.0:*:*:*:*:*:*:*
- cpe:2.3:a:valgrind:valgrind:3.2.1:*:*:*:*:*:*:*
- cpe:2.3:a:valgrind:valgrind:3.2.2:*:*:*:*:*:*:*
- cpe:2.3:a:valgrind:valgrind:3.2.3:*:*:*:*:*:*:*
- cpe:2.3:a:valgrind:valgrind:3.3.0:*:*:*:*:*:*:*
- cpe:2.3:a:valgrind:valgrind:3.3.0:rc1:*:*:*:*:*:*
- cpe:2.3:a:valgrind:valgrind:3.3.0:rc2:*:*:*:*:*:*
- cpe:2.3:a:valgrind:valgrind:3.3.0:rc3:*:*:*:*:*:*
- cpe:2.3:a:valgrind:valgrind:3.3.1:*:*:*:*:*:*:*
- cpe:2.3:a:valgrind:valgrind:3.3.1:rc1:*:*:*:*:*:*

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

News mentions

No linked articles in our index yet.

cvss	0.000
epss	0.000
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000