CVE-2008-2357

EPSS 7.6%

mtr - execution of arbitrary code

Published: 5/21/2008Modified: 4/28/2026

Also known as:DEBIAN-CVE-2008-2357

Description

Stack-based buffer overflow in the split_redraw function in split.c in mtr before 0.73, when invoked with the -p (aka --split) option, allows remote attackers to execute arbitrary code via a crafted DNS PTR record. NOTE: it could be argued that this is a vulnerability in the ns_name_ntop function in resolv/ns_name.c in glibc and the proper fix should be in glibc; if so, then this should not be treated as a vulnerability in mtr.

Affected packages (2)

Debian/mtrfrom 0, < 0.73-1
Debian/mtrfrom 0, < 0.71-2etch1

References (1)

ADVISORYhttps://security-tracker.debian.org/tracker/CVE-2008-2357