CVE-2009-1436

Published Apr 27, 2009

Last updated 8 years ago

CVSS info 4.9

Overview

Description: The db interface in libc in FreeBSD 6.3, 6.4, 7.0, 7.1, and 7.2-PRERELEASE does not properly initialize memory for Berkeley DB 1.85 database structures, which allows local users to obtain sensitive information by reading a database file.
Source: cve@mitre.org
NVD status: Modified

Risk scores

CVSS 2.0

Type: Primary
Base score: 4.9
Impact score: 6.9
Exploitability score: 3.9
Vector string: AV:L/AC:L/Au:N/C:C/I:N/A:N

Weaknesses

nvd@nist.gov: CWE-20

Hype score: Not currently trending

Configurations

[
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:o:freebsd:freebsd:6.3:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "F702C46F-CA02-4FA2-B7D6-C61C2C095679"
          },
          {
            "criteria": "cpe:2.3:o:freebsd:freebsd:6.3:release_p10:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "9A1D9D46-75E4-4742-9CF3-2B063B6B7504"
          },
          {
            "criteria": "cpe:2.3:o:freebsd:freebsd:6.4:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "A4F7F02A-C845-40BF-8490-510A070000F3"
          },
          {
            "criteria": "cpe:2.3:o:freebsd:freebsd:6.4:release_p4:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "8E08DCB9-9064-4DB7-B43A-7B415882EB50"
          },
          {
            "criteria": "cpe:2.3:o:freebsd:freebsd:6.4:stable:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "06FB0EEA-254E-4A1F-99E7-058FCD518E22"
          },
          {
            "criteria": "cpe:2.3:o:freebsd:freebsd:7.0:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "47E0A416-733A-4616-AE08-150D67FCEA70"
          },
          {
            "criteria": "cpe:2.3:o:freebsd:freebsd:7.0:release-p12:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "0452688A-3E71-4BC9-8942-56ABBC47EA87"
          },
          {
            "criteria": "cpe:2.3:o:freebsd:freebsd:7.1:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "803EFA9F-B7CB-4511-B1C1-381170CA9A23"
          },
          {
            "criteria": "cpe:2.3:o:freebsd:freebsd:7.1:release-p5:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "C2A31704-E99F-4DBE-ABA4-EC3E566DE6CB"
          },
          {
            "criteria": "cpe:2.3:o:freebsd:freebsd:7.2:pre-release:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "8B573401-DC6F-4AFE-92F5-D96F785D2107"
          }
        ],
        "operator": "OR"
      }
    ]
  }
]

Overview

Risk scores

CVSS 2.0

Weaknesses

Social media

Configurations

References