CyberSec.Space Logo
返回 CVE 浏览器

CVE-2009-0537

MEDIUM
4.9
CVSS Severity Score
EPSS Score0.0980%
EPSS Percentile10.39th
Published2009年3月9日
Last Modified2026年4月23日

Vulnerability Description

Integer overflow in the fts_build function in fts.c in libc in (1) OpenBSD 4.4 and earlier and (2) Microsoft Interix 6.0 build 10.0.6030.0 allows context-dependent attackers to cause a denial of service (application crash) via a deep directory tree, related to the fts_level structure member, as demonstrated by (a) du, (b) rm, (c) chmod, and (d) chgrp on OpenBSD; and (e) SearchIndexer.exe on Vista Enterprise.

Affected Platforms (CPE)

📦
Microsoft

Interix

= 6.0
💻
Openbsd

Openbsd

<= 4.4
💻
Openbsd

Openbsd

= 2.0
💻
Openbsd

Openbsd

= 2.1
💻
Openbsd

Openbsd

= 2.2
💻
Openbsd

Openbsd

= 2.3
💻
Openbsd

Openbsd

= 2.4
💻
Openbsd

Openbsd

= 2.5
💻
Openbsd

Openbsd

= 2.6
💻
Openbsd

Openbsd

= 2.7
💻
Openbsd

Openbsd

= 2.8
💻
Openbsd

Openbsd

= 2.9
💻
Openbsd

Openbsd

= 3.0
💻
Openbsd

Openbsd

= 3.1
💻
Openbsd

Openbsd

= 3.2
💻
Openbsd

Openbsd

= 3.3
💻
Openbsd

Openbsd

= 3.4
💻
Openbsd

Openbsd

= 3.5
💻
Openbsd

Openbsd

= 3.6
💻
Openbsd

Openbsd

= 3.7
💻
Openbsd

Openbsd

= 3.8
💻
Openbsd

Openbsd

= 3.9
💻
Openbsd

Openbsd

= 4.0
💻
Openbsd

Openbsd

= 4.1
💻
Openbsd

Openbsd

= 4.2
💻
Openbsd

Openbsd

= 4.3

References & Advisories

🔗 http://securityreason.com/achievement_securityalert/60
🔗 http://www.openbsd.org/cgi-bin/cvsweb/src/lib/libc/gen/fts.c
🔗 http://www.openbsd.org/cgi-bin/cvsweb/src/lib/libc/gen/fts.c.diff?r1=1.41%3Br2=1.42%3Bf=h
🔗 http://www.securityfocus.com/archive/1/501505/100/0/threaded
🔗 http://www.securityfocus.com/bid/34008
🔗 http://www.securitytracker.com/id?1021818
🔗 https://www.exploit-db.com/exploits/8163
🔗 http://securityreason.com/achievement_securityalert/60

相关漏洞威胁

CVE-2002-00207.5

Buffer overflow in telnet server in Windows 2000 and Interix 2.2 allows remote attackers to execute arbitrary code via malformed p...

CVE-2002-11405.0

The Sun Microsystems RPC library Services for Unix 3.0 Interix SD, as implemented on Microsoft Windows NT4, 2000, and XP, allows r...

CVE-2002-11415.0

An input validation error in the Sun Microsystems RPC library Services for Unix 3.0 Interix SD, as implemented on Microsoft Window...

CVE-2026-121917.8

A vulnerability was found in Comma AI Openpilot 0.11. This issue affects the function pickle.load/pickle.loads of the file selfdri...