5

CVE-2008-2953

Exploit
Linux DC++ (linuxdcpp) before 0.707 allows remote attackers to cause a denial of service (crash) via "partial file list requests" that trigger a NULL pointer dereference.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
LinuxDirect Connect Version0.686
LinuxDirect Connect Version0.699
LinuxDirect Connect Version0.700
LinuxDirect Connect Version0.701
LinuxDirect Connect Version0.702
LinuxDirect Connect Version0.703
LinuxDirect Connect Version0.704
LinuxDirect Connect Version0.705
LinuxDirect Connect Version0.706
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 3.23% 0.866
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 5 10 2.9
AV:N/AC:L/Au:N/C:N/I:N/A:P
CWE-20 Improper Input Validation

The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.

http://cvs.berlios.de/cgi-bin/viewcvs.cgi/linuxdcpp/linuxdcpp/client/ShareManager.cpp.diff?r1=1.14&r2=1.15&sortby=date
Exploit
http://secunia.com/advisories/30812
Vendor Advisory
http://secunia.com/advisories/30907
http://secunia.com/advisories/30918
http://sourceforge.net/project/shownotes.php?release_id=608612&group_id=40287
http://www.securityfocus.com/bid/29924
http://www.securitytracker.com/id?1020407
http://www.securitytracker.com/id?1020408
https://exchange.xforce.ibmcloud.com/vulnerabilities/43341
https://www.redhat.com/archives/fedora-package-announce/2008-July/msg00101.html
https://www.redhat.com/archives/fedora-package-announce/2008-July/msg00116.html