CVE-2008-2149 - Vulnerability Details - OpenCVE

Stack-based buffer overflow in the searchwn function in Wordnet 2.0, 2.1, and 3.0 might allow context-dependent attackers to execute arbitrary code via a long command line option. NOTE: this issue probably does not cross privilege boundaries except in cases in which Wordnet is used as a back end.

No CVSS v4.0

No CVSS v3.1

No CVSS v3.0

Access Vector Network

Access Complexity Low

Authentication None

Confidentiality Impact Partial

Integrity Impact Partial

Availability Impact Partial

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Wordnet	Wordnet

Configuration 1 [-]

OR	cpe:2.3:a:wordnet:wordnet:2.0:::::::*
	cpe:2.3:a:wordnet:wordnet:2.1:::::::*
	cpe:2.3:a:wordnet:wordnet:3.0:::::::*

No data.

References

Link	Providers
http://secunia.com/advisories/30242
http://secunia.com/advisories/31654
http://secunia.com/advisories/32184
http://www.debian.org/security/2008/dsa-1634
http://www.gentoo.org/security/en/glsa/glsa-200810-01.xml
http://www.mandriva.com/security/advisories?name=MDVSA-2008:182
http://www.securityfocus.com/bid/29208
http://www.vupen.com/english/advisories/2008/1527/references
https://bugs.gentoo.org/show_bug.cgi?id=211491
https://exchange.xforce.ibmcloud.com/vulnerabilities/42378

History

No history.

MITRE

Status: PUBLISHED

Assigner: mitre

Published: 2008-05-12T21:00:00.000Z

Updated: 2024-08-07T08:49:58.471Z

Reserved: 2008-05-12T00:00:00.000Z

Link: CVE-2008-2149

Vulnrichment

No data.

NVD

Status : Modified

Published: 2008-05-12T21:20:00.000

Modified: 2026-04-23T00:35:47.467

Link: CVE-2008-2149

Redhat

No data.

{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "datePublic": "2008-05-09T00:00:00.000Z", "descriptions": [{"lang": "en", "value": "Stack-based buffer overflow in the searchwn function in Wordnet 2.0, 2.1, and 3.0 might allow context-dependent attackers to execute arbitrary code via a long command line option. NOTE: this issue probably does not cross privilege boundaries except in cases in which Wordnet is used as a back end."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2017-08-07T12:57:01.000Z", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre"}, "references": [{"name": "30242", "tags": ["third-party-advisory", "x_refsource_SECUNIA"], "url": "http://secunia.com/advisories/30242"}, {"name": "MDVSA-2008:182", "tags": ["vendor-advisory", "x_refsource_MANDRIVA"], "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2008:182"}, {"tags": ["x_refsource_CONFIRM"], "url": "https://bugs.gentoo.org/show_bug.cgi?id=211491"}, {"name": "31654", "tags": ["third-party-advisory", "x_refsource_SECUNIA"], "url": "http://secunia.com/advisories/31654"}, {"name": "32184", "tags": ["third-party-advisory", "x_refsource_SECUNIA"], "url": "http://secunia.com/advisories/32184"}, {"name": "wordnet-searchwn-bo(42378)", "tags": ["vdb-entry", "x_refsource_XF"], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/42378"}, {"name": "DSA-1634", "tags": ["vendor-advisory", "x_refsource_DEBIAN"], "url": "http://www.debian.org/security/2008/dsa-1634"}, {"name": "GLSA-200810-01", "tags": ["vendor-advisory", "x_refsource_GENTOO"], "url": "http://www.gentoo.org/security/en/glsa/glsa-200810-01.xml"}, {"name": "ADV-2008-1527", "tags": ["vdb-entry", "x_refsource_VUPEN"], "url": "http://www.vupen.com/english/advisories/2008/1527/references"}, {"name": "29208", "tags": ["vdb-entry", "x_refsource_BID"], "url": "http://www.securityfocus.com/bid/29208"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "cve@mitre.org", "ID": "CVE-2008-2149", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "Stack-based buffer overflow in the searchwn function in Wordnet 2.0, 2.1, and 3.0 might allow context-dependent attackers to execute arbitrary code via a long command line option. NOTE: this issue probably does not cross privilege boundaries except in cases in which Wordnet is used as a back end."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "30242", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/30242"}, {"name": "MDVSA-2008:182", "refsource": "MANDRIVA", "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2008:182"}, {"name": "https://bugs.gentoo.org/show_bug.cgi?id=211491", "refsource": "CONFIRM", "url": "https://bugs.gentoo.org/show_bug.cgi?id=211491"}, {"name": "31654", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/31654"}, {"name": "32184", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/32184"}, {"name": "wordnet-searchwn-bo(42378)", "refsource": "XF", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/42378"}, {"name": "DSA-1634", "refsource": "DEBIAN", "url": "http://www.debian.org/security/2008/dsa-1634"}, {"name": "GLSA-200810-01", "refsource": "GENTOO", "url": "http://www.gentoo.org/security/en/glsa/glsa-200810-01.xml"}, {"name": "ADV-2008-1527", "refsource": "VUPEN", "url": "http://www.vupen.com/english/advisories/2008/1527/references"}, {"name": "29208", "refsource": "BID", "url": "http://www.securityfocus.com/bid/29208"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-07T08:49:58.471Z"}, "title": "CVE Program Container", "references": [{"name": "30242", "tags": ["third-party-advisory", "x_refsource_SECUNIA", "x_transferred"], "url": "http://secunia.com/advisories/30242"}, {"name": "MDVSA-2008:182", "tags": ["vendor-advisory", "x_refsource_MANDRIVA", "x_transferred"], "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2008:182"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "https://bugs.gentoo.org/show_bug.cgi?id=211491"}, {"name": "31654", "tags": ["third-party-advisory", "x_refsource_SECUNIA", "x_transferred"], "url": "http://secunia.com/advisories/31654"}, {"name": "32184", "tags": ["third-party-advisory", "x_refsource_SECUNIA", "x_transferred"], "url": "http://secunia.com/advisories/32184"}, {"name": "wordnet-searchwn-bo(42378)", "tags": ["vdb-entry", "x_refsource_XF", "x_transferred"], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/42378"}, {"name": "DSA-1634", "tags": ["vendor-advisory", "x_refsource_DEBIAN", "x_transferred"], "url": "http://www.debian.org/security/2008/dsa-1634"}, {"name": "GLSA-200810-01", "tags": ["vendor-advisory", "x_refsource_GENTOO", "x_transferred"], "url": "http://www.gentoo.org/security/en/glsa/glsa-200810-01.xml"}, {"name": "ADV-2008-1527", "tags": ["vdb-entry", "x_refsource_VUPEN", "x_transferred"], "url": "http://www.vupen.com/english/advisories/2008/1527/references"}, {"name": "29208", "tags": ["vdb-entry", "x_refsource_BID", "x_transferred"], "url": "http://www.securityfocus.com/bid/29208"}]}]}, "cveMetadata": {"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2008-2149", "datePublished": "2008-05-12T21:00:00.000Z", "dateReserved": "2008-05-12T00:00:00.000Z", "dateUpdated": "2024-08-07T08:49:58.471Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:wordnet:wordnet:2.0:*:*:*:*:*:*:*", "matchCriteriaId": "0161FA05-EC88-497F-A0F0-0BF09BEB2624", "vulnerable": true}, {"criteria": "cpe:2.3:a:wordnet:wordnet:2.1:*:*:*:*:*:*:*", "matchCriteriaId": "B2E2D3B7-FE7A-44F3-A08A-16C4383DD6A3", "vulnerable": true}, {"criteria": "cpe:2.3:a:wordnet:wordnet:3.0:*:*:*:*:*:*:*", "matchCriteriaId": "678000ED-F5CE-4FFE-B31A-ED94AF77D9D1", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "Stack-based buffer overflow in the searchwn function in Wordnet 2.0, 2.1, and 3.0 might allow context-dependent attackers to execute arbitrary code via a long command line option. NOTE: this issue probably does not cross privilege boundaries except in cases in which Wordnet is used as a back end."}, {"lang": "es", "value": "Desbordamiento de b\u00fafer basado en pila en la funci\u00f3n searchwn de Wordnet 2.0, 2.1 y 3.0 podr\u00eda permitir a atacantes dependientes del contexto ejecutar c\u00f3digo de su elecci\u00f3n mediante una opci\u00f3n de l\u00ednea de comandos larga. NOTA: este tema probablemente no cruza l\u00edmites de privilegios excepto en casos en los que Wordnet se usa como motor interno (back end)."}], "id": "CVE-2008-2149", "lastModified": "2026-04-23T00:35:47.467", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 7.5, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0"}, "exploitabilityScore": 10.0, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": true, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}]}, "published": "2008-05-12T21:20:00.000", "references": [{"source": "cve@mitre.org", "url": "http://secunia.com/advisories/30242"}, {"source": "cve@mitre.org", "url": "http://secunia.com/advisories/31654"}, {"source": "cve@mitre.org", "url": "http://secunia.com/advisories/32184"}, {"source": "cve@mitre.org", "url": "http://www.debian.org/security/2008/dsa-1634"}, {"source": "cve@mitre.org", "url": "http://www.gentoo.org/security/en/glsa/glsa-200810-01.xml"}, {"source": "cve@mitre.org", "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2008:182"}, {"source": "cve@mitre.org", "url": "http://www.securityfocus.com/bid/29208"}, {"source": "cve@mitre.org", "url": "http://www.vupen.com/english/advisories/2008/1527/references"}, {"source": "cve@mitre.org", "tags": ["Exploit"], "url": "https://bugs.gentoo.org/show_bug.cgi?id=211491"}, {"source": "cve@mitre.org", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/42378"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://secunia.com/advisories/30242"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://secunia.com/advisories/31654"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://secunia.com/advisories/32184"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.debian.org/security/2008/dsa-1634"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.gentoo.org/security/en/glsa/glsa-200810-01.xml"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2008:182"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securityfocus.com/bid/29208"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.vupen.com/english/advisories/2008/1527/references"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Exploit"], "url": "https://bugs.gentoo.org/show_bug.cgi?id=211491"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/42378"}], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-119"}], "source": "nvd@nist.gov", "type": "Primary"}]}