None · Libc · CVE-2008-0988
**Name of the Vulnerable Software and Affected Versions**
Apple Mac OS X version 10.4.11
**Description**
The issue is caused by an off-by-one error in the Libsystem strnstr API in libc, which allows context-dependent attackers to cause a denial of service (crash) via crafted arguments that trigger a buffer over-read.
**Recommendations**
For Apple Mac OS X version 10.4.11, consider applying a patch or update to fix the off-by-one error in the Libsystem strnstr API. As a temporary workaround, restrict the use of crafted arguments to the strnstr API to minimize the risk of exploitation.