PT-2008-5241 · Princeton · Princeton Wordnet
Published 2008-09-04 · Updated 2018-10-11 · CVE-2008-3908
CVSS v2.0: 10 (High)
Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C
Name of the Vulnerable Software and Affected Versions
Princeton WordNet version 3.0
Description
The issue allows context-dependent attackers to execute arbitrary code. The possible vectors are a long argument on the command line; a long WNSEARCHDIR, WNHOME, or WNDBVERSION environment variable; or a user-supplied dictionary. Because WordNet itself does not run with special privileges, the issue only crosses privilege boundaries when WordNet is invoked as a third-party component.
Recommendations
For Princeton WordNet version 3.0, consider restricting the use of the command line argument and limiting the length of WNSEARCHDIR, WNHOME, and WNDBVERSION environment variables to prevent exploitation. Additionally, validate and sanitize user-supplied dictionaries to minimize the risk. At the moment, there is no information about a newer version that contains a fix for this vulnerability.
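An added example, not part of the original advisory or of WordNet: a Python gate that a service invoking the `wn` command-line tool as a third-party component could put in front of the call. It covers the command-line argument and the three environment variables only, not dictionary files. The length caps, the `UnsafeWordNetInput` and `build_wn_call` names, and the minimal PATH are assumptions, since the advisory gives no buffer sizes.

```python
import os

# Assumed caps (not from the advisory, which states no buffer sizes):
# deliberately conservative values chosen for illustration.
MAX_WORD_LEN = 64
MAX_ENV_LEN = 128
WN_ENV_VARS = ("WNSEARCHDIR", "WNHOME", "WNDBVERSION")


class UnsafeWordNetInput(ValueError):
    """Raised when a value is refused before it can reach WordNet."""


def _check(name, value, limit):
    # Measure bytes, not characters: the native code sees the encoded form.
    if len(value.encode("utf-8")) > limit:
        raise UnsafeWordNetInput(f"{name} exceeds {limit} bytes")
    if any(ord(c) < 0x20 or ord(c) == 0x7F for c in value):
        raise UnsafeWordNetInput(f"{name} contains control characters")
    return value


def build_wn_call(word, parent_env=None, wn_binary="wn", search_option="-over"):
    """Return (argv, env) for subprocess.run, or raise UnsafeWordNetInput."""
    parent_env = os.environ if parent_env is None else parent_env
    word = _check("search word", word, MAX_WORD_LEN)
    if not word or word.startswith("-"):
        raise UnsafeWordNetInput("search word is empty or looks like an option")
    # Build a minimal environment instead of inheriting the caller's:
    # only the three WordNet variables are passed on, each length-checked.
    env = {"PATH": "/usr/bin:/bin", "LANG": "C"}
    for var in WN_ENV_VARS:
        if var in parent_env:
            env[var] = _check(var, parent_env[var], MAX_ENV_LEN)
    # argv list (no shell) so the word is passed as a single argument.
    return [wn_binary, word, search_option], env
```

Pass the returned pair to `subprocess.run(argv, env=env)`; a raised `UnsafeWordNetInput` means the request should be rejected and logged rather than truncated and retried.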
Buffer Overflow
Weakness Enumeration
Related Identifiers
Affected Products
Princeton Wordnet