PT-2008-2591
Mike Ash · Published 2008-03-18 · Updated 2011-03-08 · CVE-2008-0988
CVSS v2.0: 4.3 (Medium)
Vector: AV:N/AC:M/Au:N/C:N/I:N/A:P
Name of the Vulnerable Software and Affected Versions
Apple Mac OS X version 10.4.11
Description
The issue is caused by an off-by-one error in the Libsystem strnstr API in libc, which allows context-dependent attackers to cause a denial of service (crash) via crafted arguments that trigger a buffer over-read.
Recommendations
For Apple Mac OS X version 10.4.11, consider applying a patch or update that fixes the off-by-one error in the Libsystem strnstr API. As a temporary workaround, keep crafted arguments from reaching the strnstr API to minimize the risk of exploitation.
Fix
Weakness Enumeration
Related Identifiers
Affected Products
Libsystem
Mac OS X
Libc