Buffer overflow in the util_path_encode function in udev/lib/libudev-util.c in udev before 1.4.1 allows local users to cause a denial of service (service outage) via vectors that trigger a call with crafted arguments.
History
13 Feb 2023, 02:19
Type | Values Removed | Values Added |
---|---|---|
References | | |
03 Jun 2022, 15:05
Type | Values Removed | Values Added |
---|---|---|
CWE | CWE-120 | |
First Time | Suse linux Enterprise Debuginfo, Fedoraproject, Opensuse opensuse, Udev Project udev, Suse linux Enterprise Server, Fedoraproject fedora, Debian, Canonical ubuntu Linux, Canonical, Opensuse, Debian debian Linux, Suse linux Enterprise Desktop, Suse, Udev Project | |
References | (SECUNIA) http://secunia.com/advisories/34750 - Not Applicable | |
References | (BUGTRAQ) http://www.securityfocus.com/archive/1/502752/100/0/threaded - Third Party Advisory, VDB Entry | |
References | (BID) http://www.securityfocus.com/bid/34539 - Third Party Advisory, VDB Entry | |
References | (MISC) https://launchpad.net/bugs/cve/2009-1186 - Third Party Advisory | |
References | (CONFIRM) http://git.kernel.org/?p=linux/hotplug/udev.git;a=commitdiff;h=662c3110803bd8c1aedacc36788e6fd028944314 - Patch, Third Party Advisory | |
References | (SECUNIA) http://secunia.com/advisories/34785 - Not Applicable | |
References | (SECUNIA) http://secunia.com/advisories/34731 - Not Applicable | |
References | (GENTOO) http://www.gentoo.org/security/en/glsa/glsa-200904-18.xml - Third Party Advisory | |
References | (MISC) http://wiki.rpath.com/wiki/Advisories:rPSA-2009-0063 - Broken Link | |
References | (SECUNIA) http://secunia.com/advisories/34753 - Not Applicable | |
References | (SECUNIA) http://secunia.com/advisories/34787 - Not Applicable | |
References | (CONFIRM) http://wiki.rpath.com/Advisories:rPSA-2009-0063 - Broken Link | |
References | (UBUNTU) http://www.ubuntu.com/usn/usn-758-1 - Third Party Advisory | |
References | (SLACKWARE) http://slackware.com/security/viewer.php?l=slackware-security&y=2009&m=slackware-security.446399 - Third Party Advisory | |
References | (SECUNIA) http://secunia.com/advisories/34801 - Not Applicable | |
References | (SECUNIA) http://secunia.com/advisories/34771 - Not Applicable | |
References | (SECTRACK) http://www.securitytracker.com/id?1022068 - Broken Link, Third Party Advisory, VDB Entry | |
References | (DEBIAN) http://www.debian.org/security/2009/dsa-1772 - Third Party Advisory | |
References | (SUSE) http://lists.opensuse.org/opensuse-security-announce/2009-04/msg00006.html - Mailing List, Third Party Advisory | |
References | (VUPEN) http://www.vupen.com/english/advisories/2009/1053 - Permissions Required | |
References | (MANDRIVA) http://www.mandriva.com/security/advisories?name=MDVSA-2009:103 - Broken Link | |
References | (FEDORA) https://www.redhat.com/archives/fedora-package-announce/2009-April/msg00462.html - Mailing List, Third Party Advisory | |
References | (CONFIRM) https://bugzilla.redhat.com/show_bug.cgi?id=495052 - Issue Tracking, Patch, Third Party Advisory | |
References | (FEDORA) https://www.redhat.com/archives/fedora-package-announce/2009-April/msg00463.html - Mailing List, Third Party Advisory | |
References | (SECUNIA) http://secunia.com/advisories/34776 - Not Applicable | |
Information
Published : 2009-04-17 14:30
Updated : 2023-12-10 10:51
NVD link : CVE-2009-1186
Mitre link : CVE-2009-1186
CVE.ORG link : CVE-2009-1186
Products Affected
suse
- linux_enterprise_desktop
- linux_enterprise_debuginfo
- linux_enterprise_server
canonical
- ubuntu_linux
debian
- debian_linux
fedoraproject
- fedora
udev_project
- udev
opensuse
- opensuse
CWE
CWE-120
Buffer Copy without Checking Size of Input ('Classic Buffer Overflow')