What is CVE-2008-1673?

CVE-2008-1673 is a High severity Linux kernel vulnerability with a CVSS score of 10.0 out of 10, classified as a Buffer Overflow flaw (CWE-119). CVE-2008-1673 has not been confirmed as actively exploited and is not listed in the CISA KEV catalog.

What is the CVSS score for CVE-2008-1673?

CVE-2008-1673 has a CVSS score of 10.0 out of 10, rated High severity. The vector string is AV:N/AC:L/Au:N/C:C/I:C/A:C.

Is there a patch available for CVE-2008-1673?

No patch is currently available for CVE-2008-1673. Monitor the NIST NVD and your Linux distribution's security advisories for updates.

Is CVE-2008-1673 actively exploited?

CVE-2008-1673 has not been confirmed as actively exploited and is not listed in the CISA KEV catalog.

What is Buffer Overflow (CWE-119)?

The product performs operations on a memory buffer but reads or writes outside its intended boundaries. See MITRE CWE for full details: https://cwe.mitre.org/data/definitions/119.html

CVE-2008-1673

High

The asn1 implementation in (a) the Linux kernel 2.4 before 2.4.36.6 and 2.6 before 2.6.25.5, as used in the cifs and ip_nat_snmp_basic modules; and (b) the gxsnmp package; does not properly validate length values during decoding of ASN.1 BER data, which allows remote attackers to cause a denial of service (crash) or execute arbitrary code via (1) a length greater than the working buffer, which can lead to an unspecified overflow; (2) an oid length of zero, which can lead to an off-by-one error; or (3) an indefinite length for a primitive encoding.

Package Linux Kernel

Published 2008-06-10

Last modified 2026-04-23

CVSS version 2.0

Patch available

Awaiting data

CVSS 2.0 score

10.0

out of 10

High

Attack Vector

Network

Attack Complexity

Low

Privileges Required

User Interaction

Scope

Confidentiality

Low

Integrity

Availability

Vector string

AV:N/AC:L/Au:N/C:C/I:C/A:C

Weakness type

CWE-119

CVE-2008-1673 is a Buffer Overflow vulnerability

What is Buffer Overflow?

The product performs operations on a memory buffer but reads or writes outside its intended boundaries. Learn more on MITRE CWE

References

The following references provide additional information about CVE-2008-1673 including vendor advisories, patch commits, exploit details, and third-party analysis. Links are sourced from the NIST NVD database.

Kernel.org
http://kernel.org/pub/linux/kernel/v2.4/ChangeLog-2.4.36.6
Kernel.org
http://kernel.org/pub/linux/kernel/v2.6/ChangeLog-2.6.25.5
Lists
http://lists.opensuse.org/opensuse-security-announce/2008-07/msg00007.html
Lists
http://lists.opensuse.org/opensuse-security-announce/2008-07/msg00012.html
Lists
http://lists.opensuse.org/opensuse-security-announce/2008-10/msg00000.html
Lists
http://lists.opensuse.org/opensuse-security-announce/2008-10/msg00001.html
Lists
http://lists.opensuse.org/opensuse-security-announce/2008-10/msg00003.html
Lists
http://lists.opensuse.org/opensuse-security-announce/2008-10/msg00008.html
Lists
http://lists.opensuse.org/opensuse-security-announce/2008-11/msg00001.html
Secunia
http://secunia.com/advisories/30000
Secunia
http://secunia.com/advisories/30580

Vendor Advisory
Secunia
http://secunia.com/advisories/30644
Secunia
http://secunia.com/advisories/30658
Secunia
http://secunia.com/advisories/30982
Secunia
http://secunia.com/advisories/31107
Secunia
http://secunia.com/advisories/31836
Secunia
http://secunia.com/advisories/32103
Secunia
http://secunia.com/advisories/32104
Secunia
http://secunia.com/advisories/32370
Secunia
http://secunia.com/advisories/32759
Wiki
http://wiki.rpath.com/wiki/Advisories:rPSA-2008-0189
Debian Security
http://www.debian.org/security/2008/dsa-1592
Mandriva
http://www.mandriva.com/security/advisories?name=MDVSA-2008:113
Mandriva
http://www.mandriva.com/security/advisories?name=MDVSA-2008:174
Securityfocus
http://www.securityfocus.com/archive/1/493300/100/0/threaded
Securitytracker
http://www.securitytracker.com/id?1020210
Ubuntu Security
http://www.ubuntu.com/usn/usn-625-1
Vupen
http://www.vupen.com/english/advisories/2008/1770
Red Hat
https://bugzilla.redhat.com/show_bug.cgi?id=443962
Exchange
https://exchange.xforce.ibmcloud.com/vulnerabilities/42921
Red Hat
https://www.redhat.com/archives/fedora-package-announce/2008-June/msg00587.html
Kernel patch commit
http://git.kernel.org/?p=linux/kernel/git/stable/linux-2.6.25.y.git%3Ba=commit%3Bh=33afb8403f361919aa5c8fe1d0a4f5ddbfbbea3c
Patch
Kernel patch commit
http://git.kernel.org/?p=linux/kernel/git/torvalds/linux-2.6.git%3Ba=commit%3Bh=ddb2c43594f22843e9f3153da151deaba1a834c5
Patch
Kernel patch commit
http://www.securityfocus.com/bid/29589
Patch

Details

CVE ID CVE-2008-1673

Severity High

CVSS score 10.0 / 10

CVSS version 2.0

Published 2008-06-10

Modified 2026-04-23

KEV No

Patch Awaiting data

Package linux

Frequently asked questions

What is CVE-2008-1673?

CVE-2008-1673 is a High severity Linux kernel vulnerability with a CVSS score of 10.0 out of 10 , classified as a Buffer Overflow flaw (CWE-119) . CVE-2008-1673 has not been confirmed as actively exploited and is not listed in the CISA KEV catalog.
What is the CVSS score for CVE-2008-1673?

CVE-2008-1673 has a CVSS score of 10.0 out of 10, rated High severity (CVSS 2.0). The vector string is AV:N/AC:L/Au:N/C:C/I:C/A:C.
Is there a patch available for CVE-2008-1673?

No patch is currently available for CVE-2008-1673. Monitor the NIST NVD and your Linux distribution's security advisories for updates.
Is CVE-2008-1673 actively exploited?

No — CVE-2008-1673 has not been confirmed as actively exploited. It is not listed in the CISA Known Exploited Vulnerabilities (KEV) catalog.
What is Buffer Overflow (CWE-119)?

The product performs operations on a memory buffer but reads or writes outside its intended boundaries. View CWE-119 on MITRE CWE →