CVE-2008-1687

SOURCE - nist

Summary

The (1) maketemp and (2) mkstemp builtin functions in GNU m4 before 1.4.11 do not quote their output when a file is created, which might allow context-dependent attackers to trigger a macro expansion, leading to unspecified use of an incorrect filename.

EPSS Score⁠: 0.01885 (0.884)

Common Weakness Enumeration (CWE)

SOURCE - nist

CWE-other⁠

Sources (4)

Impacted images

debian

CREATED

16 years ago

UPDATED

8 months ago

SOURCE IDCVE-2008-1687⁠

EXPLOITABILITY SCORE

EXPLOITS FOUND

COMMON WEAKNESS ENUMERATION (CWE)-

CVSS SCORE

N/Alow

Package	Type	OS Name	OS Version	Affected Ranges	Fix Versions
debian/m4	deb	debian	12	>=1.4.19-3	Not yet available
debian/m4	deb	debian	11	>=1.4.18-5	Not yet available
debian/m4	deb	debian	unstable	>=1.4.19-4	Not yet available
debian/m4	deb	debian	10	>=1.4.18-2	Not yet available
debian/m4	deb	debian	13	>=1.4.19-4	Not yet available

Severity and metrics

No CVSS data available from this source.

nist

CREATED

16 years ago

UPDATED

7 years ago

SOURCE IDCVE-2008-1687⁠

EXPLOITABILITY SCORE

EXPLOITS FOUND

COMMON WEAKNESS ENUMERATION (CWE)

CWE-other⁠

CVSS SCORE

7.5high

ubuntu

CREATED

16 years ago

UPDATED

1 month ago

SOURCE IDCVE-2008-1687⁠

EXPLOITABILITY SCORE

EXPLOITS FOUND

COMMON WEAKNESS ENUMERATION (CWE)-

CVSS SCORE

N/Alow

redhat

CREATED

16 years ago

UPDATED

10 months ago

SOURCE IDCVE-2008-1687⁠

EXPLOITABILITY SCORE

EXPLOITS FOUND

COMMON WEAKNESS ENUMERATION (CWE)-

RATING UNAVAILABLE FROM SOURCE