Home > Vulnerability Database > CVE-2008-1367

Mend.io Vulnerability Database

CVE-2008-1367

Date: March 17, 2008

gcc 4.3.x does not generate a cld instruction while compiling functions used for string manipulation such as memcpy and memmove on x86 and i386, which can prevent the direction flag (DF) from being reset in violation of ABI conventions and cause data to be copied in the wrong direction during signal handling in the Linux kernel, which might allow context-dependent attackers to trigger memory corruption. NOTE: this issue was originally reported for CPU consumption in SBCL.

Severity Score

7.3

Related Resources (31)

Url: http://secunia.com/advisories/30890

Url: http://secunia.com/advisories/30110

Url: http://www.redhat.com/support/errata/RHSA-2008-0211.html

Url: https://nvd.nist.gov/vuln/detail/CVE-2008-1367

Url: https://exchange.xforce.ibmcloud.com/vulnerabilities/41340

Url: http://gcc.gnu.org/ml/gcc-patches/2008-03/msg00417.html

Url: http://lists.vmware.com/pipermail/security-announce/2008/000023.html

Url: http://lists.opensuse.org/opensuse-security-announce/2008-07/msg00002.html

Url: https://access.redhat.com/security/cve/CVE-2008-1367

Url: http://secunia.com/advisories/30116

Url: http://secunia.com/advisories/30850

Url: http://lists.opensuse.org/opensuse-security-announce/2008-07/msg00000.html

Url: http://secunia.com/advisories/31246

Url: http://www.redhat.com/support/errata/RHSA-2008-0233.html

Url: http://secunia.com/advisories/30818

Url: http://lwn.net/Articles/272048/#Comments

Url: http://www.securityfocus.com/bid/29084

Url: http://gcc.gnu.org/ml/gcc-patches/2008-03/msg00428.html

Url: https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11108

Url: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=469058

Url: http://lkml.org/lkml/2008/3/5/207

Url: http://www.vupen.com/english/advisories/2008/2222/references

Url: http://gcc.gnu.org/ml/gcc-patches/2008-03/msg00499.html

Url: http://secunia.com/advisories/30962

Url: http://gcc.gnu.org/ml/gcc-patches/2008-03/msg00432.html

Url: http://marc.info/?l=git-commits-head&m=120492000901739&w=2

Url: http://rhn.redhat.com/errata/RHSA-2008-0508.html

Url: http://lists.opensuse.org/opensuse-security-announce/2008-06/msg00006.html

Url: https://bugzilla.redhat.com/show_bug.cgi?id=437312

Url: http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=e40cd10ccff3d9fbffd57b93780bee4b7b9bff51

Url: https://www.mend.io/vulnerability-database/CVE-2008-1367

Severity Score

7.3

Weakness Type (CWE)

Resource Management Errors

CWE-399

CVSS v3.1

Base Score:	7.3
Attack Vector (AV):	NETWORK
Attack Complexity (AC):	LOW
Privileges Required (PR):	NONE
User Interaction (UI):	NONE
Scope (S):	UNCHANGED
Confidentiality (C):	LOW
Integrity (I):	LOW
Availability (A):	LOW

CVSS v2

Base Score:	7.5
Access Vector (AV):	NETWORK
Access Complexity (AC):	LOW
Authentication (AU):	NONE
Confidentiality (C):	PARTIAL
Integrity (I):	PARTIAL
Availability (A):	PARTIAL
Additional information:

Mend.io Vulnerability Database

We found results for “”

CVE-2008-1367

Date: March 17, 2008

Severity Score

Related Resources (31)

Severity Score

Weakness Type (CWE)

CVSS v3.1

CVSS v2

Do you need more information?