CVE-2008-1994

Multiple stack-based buffer overflows in (a) acon.c, (b) menu.c, and (c) child.c in Acon 1.0.5-5 through 1.0.5-7 allow local users to execute arbitrary code via (1) a long HOME environment variable or (2) a large number of terminal columns.

Published: Apr 27, 2008
Updated: Apr 13, 2023
CVE: CVE-2008-1994
Severity: High
Exploit:

CVSS v2:

Severity: High
Score: 7.2
AV:L/AC:L/Au:N/C:C/I:C/A:C

CWEs:

CWE-119

Affected Software
References

Software	From	Fixed in
ahmed_abdel-hamid_mohamed / acon	1.0.5-6	1.0.5-6.x
ahmed_abdel-hamid_mohamed / acon	1.0.5-5	1.0.5-5.x
ahmed_abdel-hamid_mohamed / acon	1.0.5-7	1.0.5-7.x

http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=475733
http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=476603
http://secunia.com/advisories/29909
http://www.securityfocus.com/bid/28862
https://exchange.xforce.ibmcloud.com/vulnerabilities/41915

Vulnerability Database

289,871

CVE-2008-1994