CVE-2008-5076 - Vulnerability Details - OpenCVE

htop 0.7 writes process names to a terminal without sanitizing non-printable characters, which might allow local users to hide processes, modify arbitrary files, or have unspecified other impact via a process name with "crazy control strings."

No CVSS v4.0

No CVSS v3.1

No CVSS v3.0

Access Vector Local

Access Complexity Low

Authentication None

Confidentiality Impact Partial

Integrity Impact Partial

Availability Impact Partial

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Htop	Htop

Configuration 1 [-]

cpe:2.3:a:htop:htop:0.7:*:*:*:*:*:*:*

No data.

References

Link	Providers
http://bugs.debian.org/504144
http://lists.opensuse.org/opensuse-security-announce/2008-11/msg00002.html
http://www.openwall.com/lists/oss-security/2008/11/02/1
http://www.openwall.com/lists/oss-security/2008/11/14/3
http://www.securityfocus.com/bid/32081
https://exchange.xforce.ibmcloud.com/vulnerabilities/46321
https://www.cve.org/CVERecord?id=CVE-2008-5076

History

Wed, 28 May 2025 14:45:00 +0000

Type	Values Removed	Values Added
References		https://www.cve.org/CVERecord?id=CVE-2008-5076

Thu, 22 May 2025 04:30:00 +0000

Type	Values Removed	Values Added
References	https://nvd.nist.gov/vuln/detail/CVE-2008-5076 https://www.cve.org/CVERecord?id=CVE-2008-5076

MITRE

Status: PUBLISHED

Assigner: mitre

Published: 2008-11-14T18:00:00

Updated: 2024-08-07T10:40:16.926Z

Reserved: 2008-11-14T00:00:00

Link: CVE-2008-5076

Vulnrichment

No data.

NVD

Status : Deferred

Published: 2008-11-14T18:09:25.073

Modified: 2025-04-09T00:30:58.490

Link: CVE-2008-5076

Redhat

Severity : Moderate

Publid Date: 2008-11-02T00:00:00Z

Links: CVE-2008-5076 - Bugzilla

{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "datePublic": "2008-11-02T00:00:00", "descriptions": [{"lang": "en", "value": "htop 0.7 writes process names to a terminal without sanitizing non-printable characters, which might allow local users to hide processes, modify arbitrary files, or have unspecified other impact via a process name with \"crazy control strings.\""}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2017-08-07T12:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre"}, "references": [{"name": "[oss-security] 20081114 Re: CVE id request: htop", "tags": ["mailing-list", "x_refsource_MLIST"], "url": "http://www.openwall.com/lists/oss-security/2008/11/14/3"}, {"tags": ["x_refsource_CONFIRM"], "url": "http://bugs.debian.org/504144"}, {"name": "htop-processname-weak-security(46321)", "tags": ["vdb-entry", "x_refsource_XF"], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/46321"}, {"name": "[oss-security] 20081102 CVE id request: htop", "tags": ["mailing-list", "x_refsource_MLIST"], "url": "http://www.openwall.com/lists/oss-security/2008/11/02/1"}, {"name": "SUSE-SR:2008:026", "tags": ["vendor-advisory", "x_refsource_SUSE"], "url": "http://lists.opensuse.org/opensuse-security-announce/2008-11/msg00002.html"}, {"name": "32081", "tags": ["vdb-entry", "x_refsource_BID"], "url": "http://www.securityfocus.com/bid/32081"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "cve@mitre.org", "ID": "CVE-2008-5076", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "htop 0.7 writes process names to a terminal without sanitizing non-printable characters, which might allow local users to hide processes, modify arbitrary files, or have unspecified other impact via a process name with \"crazy control strings.\""}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "[oss-security] 20081114 Re: CVE id request: htop", "refsource": "MLIST", "url": "http://www.openwall.com/lists/oss-security/2008/11/14/3"}, {"name": "http://bugs.debian.org/504144", "refsource": "CONFIRM", "url": "http://bugs.debian.org/504144"}, {"name": "htop-processname-weak-security(46321)", "refsource": "XF", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/46321"}, {"name": "[oss-security] 20081102 CVE id request: htop", "refsource": "MLIST", "url": "http://www.openwall.com/lists/oss-security/2008/11/02/1"}, {"name": "SUSE-SR:2008:026", "refsource": "SUSE", "url": "http://lists.opensuse.org/opensuse-security-announce/2008-11/msg00002.html"}, {"name": "32081", "refsource": "BID", "url": "http://www.securityfocus.com/bid/32081"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-07T10:40:16.926Z"}, "title": "CVE Program Container", "references": [{"name": "[oss-security] 20081114 Re: CVE id request: htop", "tags": ["mailing-list", "x_refsource_MLIST", "x_transferred"], "url": "http://www.openwall.com/lists/oss-security/2008/11/14/3"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "http://bugs.debian.org/504144"}, {"name": "htop-processname-weak-security(46321)", "tags": ["vdb-entry", "x_refsource_XF", "x_transferred"], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/46321"}, {"name": "[oss-security] 20081102 CVE id request: htop", "tags": ["mailing-list", "x_refsource_MLIST", "x_transferred"], "url": "http://www.openwall.com/lists/oss-security/2008/11/02/1"}, {"name": "SUSE-SR:2008:026", "tags": ["vendor-advisory", "x_refsource_SUSE", "x_transferred"], "url": "http://lists.opensuse.org/opensuse-security-announce/2008-11/msg00002.html"}, {"name": "32081", "tags": ["vdb-entry", "x_refsource_BID", "x_transferred"], "url": "http://www.securityfocus.com/bid/32081"}]}]}, "cveMetadata": {"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2008-5076", "datePublished": "2008-11-14T18:00:00", "dateReserved": "2008-11-14T00:00:00", "dateUpdated": "2024-08-07T10:40:16.926Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:htop:htop:0.7:*:*:*:*:*:*:*", "matchCriteriaId": "B1176958-0A88-4154-B7FC-FCE3C702D415", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "htop 0.7 writes process names to a terminal without sanitizing non-printable characters, which might allow local users to hide processes, modify arbitrary files, or have unspecified other impact via a process name with \"crazy control strings.\""}, {"lang": "es", "value": "htop v0.7 escribe nombres de procesos a un terminal sin desinfectar caracteres no imprimibles, lo cual puede permitir a usuarios locales esconder procesos, modificar ficheros de su elecci\u00f3n, o tener otro impacto desconocido a trav\u00e9s de nombres de proceso con \"cadenas de control crazy\"."}], "id": "CVE-2008-5076", "lastModified": "2025-04-09T00:30:58.490", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "LOW", "accessVector": "LOCAL", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 4.6, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:L/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0"}, "exploitabilityScore": 3.9, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}]}, "published": "2008-11-14T18:09:25.073", "references": [{"source": "cve@mitre.org", "tags": ["Exploit"], "url": "http://bugs.debian.org/504144"}, {"source": "cve@mitre.org", "url": "http://lists.opensuse.org/opensuse-security-announce/2008-11/msg00002.html"}, {"source": "cve@mitre.org", "url": "http://www.openwall.com/lists/oss-security/2008/11/02/1"}, {"source": "cve@mitre.org", "url": "http://www.openwall.com/lists/oss-security/2008/11/14/3"}, {"source": "cve@mitre.org", "url": "http://www.securityfocus.com/bid/32081"}, {"source": "cve@mitre.org", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/46321"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Exploit"], "url": "http://bugs.debian.org/504144"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://lists.opensuse.org/opensuse-security-announce/2008-11/msg00002.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.openwall.com/lists/oss-security/2008/11/02/1"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.openwall.com/lists/oss-security/2008/11/14/3"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securityfocus.com/bid/32081"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/46321"}], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Deferred", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-200"}], "source": "nvd@nist.gov", "type": "Primary"}]}