Description
Stack-based buffer overflow in the hfs_cat_find_brec function in fs/hfs/catalog.c in the Linux kernel before 2.6.28-rc1 allows attackers to cause a denial of service (memory corruption or system crash) via an hfs filesystem image with an invalid catalog namelength field, a related issue to CVE-2008-4933.
Published: 2008-11-17
Score: 7.8 High
EPSS: 1.4% Low
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Analysis and contextual insights are available on OpenCVE Cloud.

Remediation

No vendor fix or workaround currently provided.

Additional remediation guidance may be available on OpenCVE Cloud.

Tracking

Sign in to view the affected projects.

Advisories
Source ID Title
Debian DSA Debian DSA DSA-1681-1 New Linux 2.6.24 packages fix several vulnerabilities
Debian DSA Debian DSA DSA-1687-1 New Linux 2.6.18 packages fix several vulnerabilities
EUVD EUVD EUVD-2008-5004 Stack-based buffer overflow in the hfs_cat_find_brec function in fs/hfs/catalog.c in the Linux kernel before 2.6.28-rc1 allows attackers to cause a denial of service (memory corruption or system crash) via an hfs filesystem image with an invalid catalog namelength field, a related issue to CVE-2008-4933.
Ubuntu USN Ubuntu USN USN-679-1 Linux kernel vulnerabilities
References
Link Providers
http://git.kernel.org/?p=linux/kernel/git/stable/linux-2.6.27.y.git%3Ba=commit%3Bh=d38b7aa7fc3371b52d036748028db50b585ade2e cve-icon cve-icon
http://lists.opensuse.org/opensuse-security-announce/2009-01/msg00006.html cve-icon cve-icon
http://lists.opensuse.org/opensuse-security-announce/2009-01/msg00010.html cve-icon cve-icon
http://openwall.com/lists/oss-security/2008/11/10/1 cve-icon cve-icon
http://openwall.com/lists/oss-security/2008/11/10/3 cve-icon cve-icon
http://openwall.com/lists/oss-security/2008/11/10/6 cve-icon cve-icon
http://openwall.com/lists/oss-security/2008/11/10/7 cve-icon cve-icon
http://openwall.com/lists/oss-security/2008/11/11/1 cve-icon cve-icon
http://openwall.com/lists/oss-security/2008/11/11/12 cve-icon cve-icon
http://osvdb.org/49863 cve-icon cve-icon
http://rhn.redhat.com/errata/RHSA-2009-0264.html cve-icon cve-icon
http://secunia.com/advisories/32719 cve-icon cve-icon
http://secunia.com/advisories/32918 cve-icon cve-icon
http://secunia.com/advisories/32998 cve-icon cve-icon
http://secunia.com/advisories/33180 cve-icon cve-icon
http://secunia.com/advisories/33556 cve-icon cve-icon
http://secunia.com/advisories/33641 cve-icon cve-icon
http://secunia.com/advisories/33704 cve-icon cve-icon
http://secunia.com/advisories/33858 cve-icon cve-icon
http://www.debian.org/security/2008/dsa-1681 cve-icon cve-icon
http://www.debian.org/security/2008/dsa-1687 cve-icon cve-icon
http://www.mandriva.com/security/advisories?name=MDVSA-2008:246 cve-icon cve-icon
http://www.redhat.com/support/errata/RHSA-2009-0014.html cve-icon cve-icon
http://www.securityfocus.com/bid/32289 cve-icon cve-icon
http://www.securitytracker.com/id?1021230 cve-icon cve-icon
http://www.ubuntu.com/usn/usn-679-1 cve-icon cve-icon
https://bugzilla.redhat.com/show_bug.cgi?id=470769 cve-icon cve-icon
https://exchange.xforce.ibmcloud.com/vulnerabilities/46605 cve-icon cve-icon
https://nvd.nist.gov/vuln/detail/CVE-2008-5025 cve-icon
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10470 cve-icon cve-icon
https://www.cve.org/CVERecord?id=CVE-2008-5025 cve-icon
History

No history.

Subscriptions

Linux Linux Kernel
Redhat Enterprise Linux
cve-icon MITRE

Status: PUBLISHED

Assigner: mitre

Published:

Updated: 2024-08-07T10:40:16.979Z

Reserved: 2008-11-10T00:00:00.000Z

Link: CVE-2008-5025

cve-icon Vulnrichment

No data.

cve-icon NVD

Status : Modified

Published: 2008-11-17T23:30:00.483

Modified: 2026-04-23T00:35:47.467

Link: CVE-2008-5025

cve-icon Redhat

Severity : Low

Publid Date: 2008-10-15T00:00:00Z

Links: CVE-2008-5025 - Bugzilla

cve-icon OpenCVE Enrichment

No data.

Weaknesses