CVEDB API

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2008-4865

Untrusted search path vulnerability in valgrind before 3.4.0 allows local users to execute arbitrary programs via a Trojan horse .valgrindrc file in the current working directory, as demonstrated using a malicious --db-command options. NOTE: the severity of this issue has been disputed, but CVE is including this issue because execution of a program from an untrusted directory is a common scenario.

Exploit prediction scoring system (EPSS) score

EPSS Score 0.001

EPSS Ranking 20.5%

CVSS Severity

CVSS v2 Score 7.2

References

Products affected by CVE-2008-4865

Valgrind » Valgrind » Version: Any

cpe:2.3:a:valgrind:valgrind:*
Valgrind » Valgrind » Version: 1.9.6

cpe:2.3:a:valgrind:valgrind:1.9.6
Valgrind » Valgrind » Version: 2.0.0

cpe:2.3:a:valgrind:valgrind:2.0.0
Valgrind » Valgrind » Version: 2.1.0

cpe:2.3:a:valgrind:valgrind:2.1.0
Valgrind » Valgrind » Version: 2.1.1

cpe:2.3:a:valgrind:valgrind:2.1.1
Valgrind » Valgrind » Version: 2.2.0

cpe:2.3:a:valgrind:valgrind:2.2.0
Valgrind » Valgrind » Version: 2.4.1

cpe:2.3:a:valgrind:valgrind:2.4.1
Valgrind » Valgrind » Version: 3.0.0

cpe:2.3:a:valgrind:valgrind:3.0.0
Valgrind » Valgrind » Version: 3.0.1

cpe:2.3:a:valgrind:valgrind:3.0.1
Valgrind » Valgrind » Version: 3.1.0

cpe:2.3:a:valgrind:valgrind:3.1.0
Valgrind » Valgrind » Version: 3.1.1

cpe:2.3:a:valgrind:valgrind:3.1.1
Valgrind » Valgrind » Version: 3.2.0

cpe:2.3:a:valgrind:valgrind:3.2.0
Valgrind » Valgrind » Version: 3.2.1

cpe:2.3:a:valgrind:valgrind:3.2.1
Valgrind » Valgrind » Version: 3.2.2

cpe:2.3:a:valgrind:valgrind:3.2.2
Valgrind » Valgrind » Version: 3.2.3

cpe:2.3:a:valgrind:valgrind:3.2.3
Valgrind » Valgrind » Version: 3.3.0

cpe:2.3:a:valgrind:valgrind:3.3.0
Valgrind » Valgrind » Version: 3.3.1

cpe:2.3:a:valgrind:valgrind:3.3.1

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2008-4865

Products

Pricing

Contact Us