5
CVE-2008-3680
- EPSS 14.09%
- Veröffentlicht 14.08.2008 19:41:00
- Zuletzt bearbeitet 09.04.2025 00:30:58
- Quelle cve@mitre.org
- CVE-Watchlists
- Unerledigt
LoginThe decryption function in Flagship Industries Ventrilo 3.0.2 and earlier allows remote attackers to cause a denial of service (NULL pointer dereference and server crash) by sending a type 0 packet with an invalid version followed by another packet to TCP port 3784.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
Flagship Industries ≫ Ventrilo Version1
Flagship Industries ≫ Ventrilo Version1.01
Flagship Industries ≫ Ventrilo Version1.03
Flagship Industries ≫ Ventrilo Version1.04
Flagship Industries ≫ Ventrilo Version1.05
Flagship Industries ≫ Ventrilo Version1.06
Flagship Industries ≫ Ventrilo Version2
Flagship Industries ≫ Ventrilo Version2.1
Flagship Industries ≫ Ventrilo Version2.1.1
Flagship Industries ≫ Ventrilo Version2.1.2
Flagship Industries ≫ Ventrilo Version2.1.3
Flagship Industries ≫ Ventrilo Version2.1.4
Flagship Industries ≫ Ventrilo Version2.2
Flagship Industries ≫ Ventrilo Version2.3
Flagship Industries ≫ Ventrilo Version2.3.2 Updateprototype.6
Flagship Industries ≫ Ventrilo Version2.3.2 Updateprototype.9
Flagship Industries ≫ Ventrilo Version3
Flagship Industries ≫ Ventrilo Version3.0.2
| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 14.09% | 0.94 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| nvd@nist.gov | 5 | 10 | 2.9 |
AV:N/AC:L/Au:N/C:N/I:N/A:P
|
CWE-20 Improper Input Validation
The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.