{"id":"AZL-37061","summary":"CVE-2008-3908 affecting package wordnet for versions less than 3.0-43","details":"Multiple buffer overflows in Princeton WordNet (wn) 3.0 allow context-dependent attackers to execute arbitrary code via (1) a long argument on the command line; a long (2) WNSEARCHDIR, (3) WNHOME, or (4) WNDBVERSION environment variable; or (5) a user-supplied dictionary (aka data file).  NOTE: since WordNet itself does not run with special privileges, this issue only crosses privilege boundaries when WordNet is invoked as a third party component.","modified":"2026-04-21T04:28:08.065647Z","published":"2008-09-04T17:41:00Z","upstream":["CVE-2008-3908"],"references":[{"type":"WEB","url":"https://nvd.nist.gov/vuln/detail/CVE-2008-3908"}],"affected":[{"package":{"name":"wordnet","ecosystem":"Azure Linux:3","purl":"pkg:rpm/azure-linux/wordnet"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"3.0-43"}]}],"database_specific":{"source":"https://github.com/microsoft/AzureLinuxVulnerabilityData/blob/main/osv/AZL-37061.json"}}],"schema_version":"1.7.5"}