CVE-2009-0537

Integer overflow in the fts_build function in fts.c in libc in (1) OpenBSD 4.4 and earlier and (2) Microsoft Interix 6.0 build 10.0.6030.0 allows context-dependent attackers to cause a denial of service (application crash) via a deep directory tree, related to the fts_level structure member, as demonstrated by (a) du, (b) rm, (c) chmod, and (d) chgrp on OpenBSD; and (e) SearchIndexer.exe on Vista Enterprise.

Published: Mar 9, 2009
Updated: Apr 13, 2023
CVE: CVE-2009-0537
Severity: Low
Exploit:

CVSS v2:

Severity: Low
Score: 4.9
AV:L/AC:L/Au:N/C:N/I:N/A:C

CWEs:

CWE-189

Affected Software
References

Software	From	Fixed in
openbsd / openbsd	4.1	4.1.x
openbsd / openbsd	3.7	3.7.x
openbsd / openbsd	2.8	2.8.x
openbsd / openbsd	3.8	3.8.x
openbsd / openbsd	-	4.4.x
openbsd / openbsd	3.1	3.1.x
openbsd / openbsd	3.3	3.3.x
openbsd / openbsd	2.9	2.9.x
openbsd / openbsd	2.1	2.1.x
openbsd / openbsd	2.2	2.2.x
openbsd / openbsd	3.9	3.9.x
openbsd / openbsd	2.0	2.0.x
openbsd / openbsd	2.7	2.7.x
openbsd / openbsd	3.2	3.2.x
openbsd / openbsd	2.4	2.4.x
openbsd / openbsd	4.2	4.2.x
openbsd / openbsd	3.6	3.6.x
openbsd / openbsd	3.0	3.0.x
openbsd / openbsd	4.0	4.0.x
openbsd / openbsd	3.5	3.5.x
microsoft / interix	6.0	6.0.x
openbsd / openbsd	2.6	2.6.x
openbsd / openbsd	4.3	4.3.x
openbsd / openbsd	2.5	2.5.x
openbsd / openbsd	2.3	2.3.x
openbsd / openbsd	3.4	3.4.x

Vulnerability Database

289,599

CVE-2009-0537