7.6
CVE-2008-5297
- EPSS 18.46%
- Published 01.12.2008 15:30:03
- Last modified 16.06.2026 22:59:39
- Source cve@mitre.org
Buffer overflow in No-IP DUC 2.1.7 and earlier allows remote HTTP servers to execute arbitrary code via a crafted response to a DNS update request, related to a missing length check in the GetNextLine function.
Data provided by the National Vulnerability Database (NVD)
Vitalwerks ≫ No-ip Duc Version <= 2.1.7
Vitalwerks ≫ No-ip Duc Version 2.0.3
Vitalwerks ≫ No-ip Duc Version 2.1
Vitalwerks ≫ No-ip Duc Version 2.1.5
| Type | Source | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 18.46% | 0.969 |

| Source | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| nvd@nist.gov | 7.6 | 4.9 | 10 | AV:N/AC:H/Au:N/C:C/I:C/A:C |
CWE-119 Improper Restriction of Operations within the Bounds of a Memory Buffer
The product performs operations on a memory buffer, but it reads from or writes to a memory location outside the buffer's intended boundary. This may result in read or write operations on unexpected memory locations that could be linked to other variables, data structures, or internal program data.
http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=506179
http://git.debian.org/?p=collab-maint/no-ip.git%3Ba=commit%3Bh=60ed93621ff36d9731ba5d9f9336d6eb91122302
http://secunia.com/advisories/32761
http://secunia.com/advisories/33138
http://secunia.com/advisories/33610
http://security.gentoo.org/glsa/glsa-200901-12.xml
http://securityreason.com/securityalert/4672
http://www.debian.org/security/2008/dsa-1686
http://www.openwall.com/lists/oss-security/2008/11/21/15
http://www.securityfocus.com/bid/32344
http://xenomuta.tuxfamily.org/exploits/noIPwn3r.c
https://exchange.xforce.ibmcloud.com/vulnerabilities/46696
https://www.exploit-db.com/exploits/7151