CVE-2009-0537

Published: Mar 9, 2009Modified: Apr 23, 2026

4.9

Vector

AV:L/AC:L/Au:N/C:N/I:N/A:C

Exploitability: 3.9 / Impact: 6.9

Source: NVD

Description

Integer overflow in the fts_build function in fts.c in libc in (1) OpenBSD 4.4 and earlier and (2) Microsoft Interix 6.0 build 10.0.6030.0 allows context-dependent attackers to cause a denial of service (application crash) via a deep directory tree, related to the fts_level structure member, as demonstrated by (a) du, (b) rm, (c) chmod, and (d) chgrp on OpenBSD; and (e) SearchIndexer.exe on Vista Enterprise.

Affected (26)

Products: Microsoft: Interix · Openbsd: Openbsd

1 product

1 product

Configuration A

26 vulnerable

Vulnerable Software	Affected Versions
Microsoft Interix	Version 6.0
Openbsd Openbsd	Up to 4.4
Openbsd Openbsd	Version 2.0
Openbsd Openbsd	Version 2.1
Openbsd Openbsd	Version 2.2
Openbsd Openbsd	Version 2.3
Openbsd Openbsd	Version 2.4
Openbsd Openbsd	Version 2.5
Openbsd Openbsd	Version 2.6
Openbsd Openbsd	Version 2.7
Openbsd Openbsd	Version 2.8
Openbsd Openbsd	Version 2.9
Openbsd Openbsd	Version 3.0
Openbsd Openbsd	Version 3.1
Openbsd Openbsd	Version 3.2
Openbsd Openbsd	Version 3.3
Openbsd Openbsd	Version 3.4
Openbsd Openbsd	Version 3.5
Openbsd Openbsd	Version 3.6
Openbsd Openbsd	Version 3.7
Openbsd Openbsd	Version 3.8
Openbsd Openbsd	Version 3.9
Openbsd Openbsd	Version 4.0
Openbsd Openbsd	Version 4.1
Openbsd Openbsd	Version 4.2
Openbsd Openbsd	Version 4.3