CVE-2008-2954

Current Description

client/NmdcHub.cpp in Linux DC++ (linuxdcpp) before 0.707 allows remote attackers to cause a denial of service (crash) via an empty private message, which triggers an out-of-bounds read.

Basic Data

PublishedJuly 01, 2008
Last ModifiedAugust 08, 2017
Assignercve@mitre.org
Data TypeCVE
Data FormatMITRE
Data Version4.0
Problem TypeCWE-20
CVE Data Version4.0

Base Metric V2

CVSS 2 - Version2.0
CVSS 2 - Vector StringAV:N/AC:L/Au:N/C:N/I:N/A:C
CVSS 2 - Access VectorNETWORK
CVSS 2 - Access ComplexityLOW
CVSS 2 - AuthenticationNONE
CVSS 2 - Confidentiality ImpactNONE
CVSS 2 - Availability ImpactCOMPLETE
CVSS 2 - Base Score7.8
SeverityHIGH
Exploitability Score10.0
Impact Score6.9
Obtain All Privilegefalse
Obtain User Privilegefalse
Obtain Other Privilegefalse

Base Metric V3

No data provided.

Configurations

  • OR - Configuration 1
    Cpe VersionPartVendorProductVersionUpdateEditionLanguageSW EditionTarget SWTarget HWOtherVersion Start IncludingVersion End IncludingVersion Start ExcludingVersion End Excluding
    2.3ApplicationLinuxDirect Connect0.686*******
    2.3ApplicationLinuxDirect Connect0.699*******
    2.3ApplicationLinuxDirect Connect0.700*******
    2.3ApplicationLinuxDirect Connect0.701*******
    2.3ApplicationLinuxDirect Connect0.702*******
    2.3ApplicationLinuxDirect Connect0.703*******
    2.3ApplicationLinuxDirect Connect0.704*******
    2.3ApplicationLinuxDirect Connect0.705*******
    2.3ApplicationLinuxDirect Connect0.706*******

Vulnerable Software List

VendorProductVersions
Linux Direct Connect 0.686, 0.699, 0.700, 0.701, 0.702, 0.703, 0.704, 0.705, 0.706

References

NameSourceURLTags
http://cvs.berlios.de/cgi-bin/viewcvs.cgi/linuxdcpp/linuxdcpp/Changelog.txthttp://cvs.berlios.de/cgi-bin/viewcvs.cgi/linuxdcpp/linuxdcpp/Changelog.txtCONFIRM
http://cvs.berlios.de/cgi-bin/viewcvs.cgi/linuxdcpp/linuxdcpp/client/NmdcHub.cpp.diff?r1=1.14&r2=1.15&sortby=datehttp://cvs.berlios.de/cgi-bin/viewcvs.cgi/linuxdcpp/linuxdcpp/client/NmdcHub.cpp.diff?r1=1.14&r2=1.1CONFIRMExploit
http://dcplusplus.svn.sourceforge.net/viewvc/dcplusplus/dcplusplus/trunk/changelog.txt?r1=1027&r2=1026&pathrev=1027http://dcplusplus.svn.sourceforge.net/viewvc/dcplusplus/dcplusplus/trunk/changelog.txt?r1=1027&r2=10CONFIRM
30907http://secunia.com/advisories/30907SECUNIA
30918http://secunia.com/advisories/30918SECUNIA
30037http://www.securityfocus.com/bid/30037BID
1020409http://www.securitytracker.com/id?1020409SECTRACK
1020410http://www.securitytracker.com/id?1020410SECTRACK
dc-pm-dos(43566)https://exchange.xforce.ibmcloud.com/vulnerabilities/43566XF
FEDORA-2008-6018https://www.redhat.com/archives/fedora-package-announce/2008-July/msg00101.htmlFEDORA
FEDORA-2008-6038https://www.redhat.com/archives/fedora-package-announce/2008-July/msg00116.htmlFEDORA