CVE-2008-4865

Untrusted search path vulnerability in valgrind before 3.4.0 allows local users to execute arbitrary programs via a Trojan horse .valgrindrc file in the current working directory, as demonstrated using a malicious --db-command options. NOTE: the severity of this issue has been disputed, but CVE is including this issue because execution of a program from an untrusted directory is a common scenario.

Published : 2008-11-01 00:00 Updated : 2009-03-30 04:00

7.2
CVSS Score More info
Score 7.2 / 10
7.2
Vendor Product Version URI
Valgrind Valgrind 3.0.0 cpe:/a:valgrind:valgrind:3.0.0
Valgrind Valgrind 2.4.1 cpe:/a:valgrind:valgrind:2.4.1::powerpc
Valgrind Valgrind 2.2.0 cpe:/a:valgrind:valgrind:2.2.0
Valgrind Valgrind 2.1.1 cpe:/a:valgrind:valgrind:2.1.1
Valgrind Valgrind 2.4.1 cpe:/a:valgrind:valgrind:2.4.1
Valgrind Valgrind 1.9.6 cpe:/a:valgrind:valgrind:1.9.6
Valgrind Valgrind 2.1.0 cpe:/a:valgrind:valgrind:2.1.0
Valgrind Valgrind 2.0.0 cpe:/a:valgrind:valgrind:2.0.0
Valgrind Valgrind 3.2.3 cpe:/a:valgrind:valgrind:3.2.3
Valgrind Valgrind 3.3.0 cpe:/a:valgrind:valgrind:3.3.0:rc1
Valgrind Valgrind 3.2.2 cpe:/a:valgrind:valgrind:3.2.2
Valgrind Valgrind 3.4.0 cpe:/a:valgrind:valgrind:3.4.0:rc1
Valgrind Valgrind 3.3.1 cpe:/a:valgrind:valgrind:3.3.1
Valgrind Valgrind 3.3.1 cpe:/a:valgrind:valgrind:3.3.1:rc1
Valgrind Valgrind 3.3.0 cpe:/a:valgrind:valgrind:3.3.0:rc2
Valgrind Valgrind 3.2.1 cpe:/a:valgrind:valgrind:3.2.1
Valgrind Valgrind 3.3.0 cpe:/a:valgrind:valgrind:3.3.0
Valgrind Valgrind 3.3.0 cpe:/a:valgrind:valgrind:3.3.0:rc3
Valgrind Valgrind 3.2.0 cpe:/a:valgrind:valgrind:3.2.0
Valgrind Valgrind 3.1.1 cpe:/a:valgrind:valgrind:3.1.1
Valgrind Valgrind 3.1.0 cpe:/a:valgrind:valgrind:3.1.0
Valgrind Valgrind 3.0.1 cpe:/a:valgrind:valgrind:3.0.1
  1. Valgrind (1) Search CVE
    1. Valgrind (17) Search CVE
      1. 3.0.0
      2. 2.4.1
      3. 2.2.0
      4. 2.1.1
      5. 1.9.6
      6. 2.1.0
      7. 2.0.0
      8. 3.2.3
      9. 3.3.0
      10. 3.2.2
      11. 3.4.0
      12. 3.3.1
      13. 3.2.1
      14. 3.2.0
      15. 3.1.1
      16. 3.1.0
      17. 3.0.1

CWE

There is no CWE for this CVE.

History of changes

Date Event
2008-11-01 00:00

New CVE