CVE-2008-2382

The protocol_client_msg function in vnc.c in the VNC server in (1) Qemu 0.9.1 and earlier and (2) KVM kvm-79 and earlier allows remote attackers to cause a denial of service (infinite loop) via a certain message.

CVSS v2.0 5

5^/10

CVSS v2.0 :

V3 Legend

Vector :

Exploitability : 10 / Impact : 2.9

Attack Vector

Attack Complexity

Privileges Required

User Interaction

Confidentiality Impact NONE

Integrity Impact NONE

Availability Impact PARTIAL

Scope

References

Link	Resource
http://securitytracker.com/id?1021489	Exploit
http://secunia.com/advisories/33293	Vendor Advisory
http://www.coresecurity.com/content/vnc-remote-dos
http://secunia.com/advisories/33303	Vendor Advisory
http://www.securityfocus.com/bid/32910	Exploit
http://securitytracker.com/id?1021488
https://www.redhat.com/archives/fedora-package-announce/2008-December/msg01223.html
http://secunia.com/advisories/33350
http://securityreason.com/securityalert/4803
http://lists.opensuse.org/opensuse-security-announce/2009-01/msg00004.html
http://secunia.com/advisories/33568
http://lists.opensuse.org/opensuse-security-announce/2009-04/msg00003.html
http://secunia.com/advisories/34642
http://www.ubuntu.com/usn/usn-776-1
http://secunia.com/advisories/35062
http://www.vupen.com/english/advisories/2008/3488
http://www.vupen.com/english/advisories/2008/3489
https://exchange.xforce.ibmcloud.com/vulnerabilities/47561
http://www.securityfocus.com/archive/1/499502/100/0/threaded

Configurations

Configuration 1

cpe:2.3:a:qemu:qemu:*:*:*:*:*:*:*:*

cpe:2.3:a:qemu:qemu:0.1.6:*:*:*:*:*:*:*

cpe:2.3:a:qemu:qemu:0.5.3:*:*:*:*:*:*:*

cpe:2.3:a:qemu:qemu:0.4.2:*:*:*:*:*:*:*

cpe:2.3:a:qemu:qemu:0.1.5:*:*:*:*:*:*:*

cpe:2.3:a:qemu:qemu:0.5.1:*:*:*:*:*:*:*

cpe:2.3:a:qemu:qemu:0.8.2:*:*:*:*:*:*:*

cpe:2.3:a:qemu:qemu:0.5.5:*:*:*:*:*:*:*

cpe:2.3:a:qemu:qemu:0.9.0:*:*:*:*:*:*:*

cpe:2.3:a:qemu:qemu:0.7.2:*:*:*:*:*:*:*

cpe:2.3:a:qemu:qemu:0.1.3:*:*:*:*:*:*:*

cpe:2.3:a:qemu:qemu:0.7.1:*:*:*:*:*:*:*

cpe:2.3:a:qemu:qemu:0.5.0:*:*:*:*:*:*:*

cpe:2.3:a:qemu:qemu:0.8.1:*:*:*:*:*:*:*

cpe:2.3:a:qemu:qemu:0.4.1:*:*:*:*:*:*:*

cpe:2.3:a:qemu:qemu:0.5.2:*:*:*:*:*:*:*

cpe:2.3:a:qemu:qemu:0.1.1:*:*:*:*:*:*:*

cpe:2.3:a:qemu:qemu:0.7.0:*:*:*:*:*:*:*

cpe:2.3:a:qemu:qemu:0.1.4:*:*:*:*:*:*:*

cpe:2.3:a:qemu:qemu:0.6.0:*:*:*:*:*:*:*

cpe:2.3:a:qemu:qemu:0.6.1:*:*:*:*:*:*:*

cpe:2.3:a:qemu:qemu:0.4.3:*:*:*:*:*:*:*

cpe:2.3:a:qemu:qemu:0.1.2:*:*:*:*:*:*:*

cpe:2.3:a:qemu:qemu:0.5.4:*:*:*:*:*:*:*

cpe:2.3:a:qemu:qemu:0.8.0:*:*:*:*:*:*:*

cpe:2.3:a:qemu:qemu:0.1.0:*:*:*:*:*:*:*

cpe:2.3:a:qemu:qemu:0.2.0:*:*:*:*:*:*:*

cpe:2.3:a:qemu:qemu:0.3.0:*:*:*:*:*:*:*

cpe:2.3:a:qemu:qemu:0.4.0:*:*:*:*:*:*:*

cpe:2.3:a:kvm_qumranet:kvm:59:*:*:*:*:*:*:*

cpe:2.3:a:kvm_qumranet:kvm:75:*:*:*:*:*:*:*

cpe:2.3:a:kvm_qumranet:kvm:55:*:*:*:*:*:*:*

cpe:2.3:a:kvm_qumranet:kvm:38:*:*:*:*:*:*:*

cpe:2.3:a:kvm_qumranet:kvm:68:*:*:*:*:*:*:*

cpe:2.3:a:kvm_qumranet:kvm:58:*:*:*:*:*:*:*

cpe:2.3:a:kvm_qumranet:kvm:64:*:*:*:*:*:*:*

cpe:2.3:a:kvm_qumranet:kvm:57:*:*:*:*:*:*:*

cpe:2.3:a:kvm_qumranet:kvm:63:*:*:*:*:*:*:*

cpe:2.3:a:kvm_qumranet:kvm:44:*:*:*:*:*:*:*

cpe:2.3:a:kvm_qumranet:kvm:12:*:*:*:*:*:*:*

cpe:2.3:a:kvm_qumranet:kvm:7:*:*:*:*:*:*:*

cpe:2.3:a:kvm_qumranet:kvm:40:*:*:*:*:*:*:*

cpe:2.3:a:kvm_qumranet:kvm:72:*:*:*:*:*:*:*

cpe:2.3:a:kvm_qumranet:kvm:3:*:*:*:*:*:*:*

cpe:2.3:a:kvm_qumranet:kvm:10:*:*:*:*:*:*:*

cpe:2.3:a:kvm_qumranet:kvm:39:*:*:*:*:*:*:*

cpe:2.3:a:kvm_qumranet:kvm:56:*:*:*:*:*:*:*

cpe:2.3:a:kvm_qumranet:kvm:45:*:*:*:*:*:*:*

cpe:2.3:a:kvm_qumranet:kvm:4:*:*:*:*:*:*:*

cpe:2.3:a:kvm_qumranet:kvm:*:*:*:*:*:*:*:*

cpe:2.3:a:kvm_qumranet:kvm:24:*:*:*:*:*:*:*

cpe:2.3:a:kvm_qumranet:kvm:20:*:*:*:*:*:*:*

cpe:2.3:a:kvm_qumranet:kvm:51:*:*:*:*:*:*:*

cpe:2.3:a:kvm_qumranet:kvm:34:*:*:*:*:*:*:*

cpe:2.3:a:kvm_qumranet:kvm:1:*:*:*:*:*:*:*

cpe:2.3:a:kvm_qumranet:kvm:16:*:*:*:*:*:*:*

cpe:2.3:a:kvm_qumranet:kvm:21:*:*:*:*:*:*:*

cpe:2.3:a:kvm_qumranet:kvm:43:*:*:*:*:*:*:*

cpe:2.3:a:kvm_qumranet:kvm:14:*:*:*:*:*:*:*

cpe:2.3:a:kvm_qumranet:kvm:32:*:*:*:*:*:*:*

cpe:2.3:a:kvm_qumranet:kvm:53:*:*:*:*:*:*:*

cpe:2.3:a:kvm_qumranet:kvm:76:*:*:*:*:*:*:*

cpe:2.3:a:kvm_qumranet:kvm:74:*:*:*:*:*:*:*

cpe:2.3:a:kvm_qumranet:kvm:66:*:*:*:*:*:*:*

cpe:2.3:a:kvm_qumranet:kvm:73:*:*:*:*:*:*:*

cpe:2.3:a:kvm_qumranet:kvm:17:*:*:*:*:*:*:*

cpe:2.3:a:kvm_qumranet:kvm:42:*:*:*:*:*:*:*

cpe:2.3:a:kvm_qumranet:kvm:29:*:*:*:*:*:*:*

cpe:2.3:a:kvm_qumranet:kvm:33:*:*:*:*:*:*:*

cpe:2.3:a:kvm_qumranet:kvm:48:*:*:*:*:*:*:*

cpe:2.3:a:kvm_qumranet:kvm:35:*:*:*:*:*:*:*

cpe:2.3:a:kvm_qumranet:kvm:23:*:*:*:*:*:*:*

cpe:2.3:a:kvm_qumranet:kvm:69:*:*:*:*:*:*:*

cpe:2.3:a:kvm_qumranet:kvm:11:*:*:*:*:*:*:*

cpe:2.3:a:kvm_qumranet:kvm:6:*:*:*:*:*:*:*

cpe:2.3:a:kvm_qumranet:kvm:36:*:*:*:*:*:*:*

cpe:2.3:a:kvm_qumranet:kvm:26:*:*:*:*:*:*:*

cpe:2.3:a:kvm_qumranet:kvm:25:*:*:*:*:*:*:*

cpe:2.3:a:kvm_qumranet:kvm:52:*:*:*:*:*:*:*

cpe:2.3:a:kvm_qumranet:kvm:60:*:*:*:*:*:*:*

cpe:2.3:a:kvm_qumranet:kvm:70:*:*:*:*:*:*:*

cpe:2.3:a:kvm_qumranet:kvm:54:*:*:*:*:*:*:*

cpe:2.3:a:kvm_qumranet:kvm:19:*:*:*:*:*:*:*

cpe:2.3:a:kvm_qumranet:kvm:71:*:*:*:*:*:*:*

cpe:2.3:a:kvm_qumranet:kvm:9:*:*:*:*:*:*:*

cpe:2.3:a:kvm_qumranet:kvm:2:*:*:*:*:*:*:*

cpe:2.3:a:kvm_qumranet:kvm:49:*:*:*:*:*:*:*

cpe:2.3:a:kvm_qumranet:kvm:61:*:*:*:*:*:*:*

cpe:2.3:a:kvm_qumranet:kvm:65:*:*:*:*:*:*:*

cpe:2.3:a:kvm_qumranet:kvm:22:*:*:*:*:*:*:*

cpe:2.3:a:kvm_qumranet:kvm:15:*:*:*:*:*:*:*

cpe:2.3:a:kvm_qumranet:kvm:5:*:*:*:*:*:*:*

cpe:2.3:a:kvm_qumranet:kvm:8:*:*:*:*:*:*:*

cpe:2.3:a:kvm_qumranet:kvm:28:*:*:*:*:*:*:*

cpe:2.3:a:kvm_qumranet:kvm:30:*:*:*:*:*:*:*

cpe:2.3:a:kvm_qumranet:kvm:18:*:*:*:*:*:*:*

cpe:2.3:a:kvm_qumranet:kvm:27:*:*:*:*:*:*:*

cpe:2.3:a:kvm_qumranet:kvm:47:*:*:*:*:*:*:*

cpe:2.3:a:kvm_qumranet:kvm:13:*:*:*:*:*:*:*

cpe:2.3:a:kvm_qumranet:kvm:77:*:*:*:*:*:*:*

cpe:2.3:a:kvm_qumranet:kvm:50:*:*:*:*:*:*:*

cpe:2.3:a:kvm_qumranet:kvm:41:*:*:*:*:*:*:*

cpe:2.3:a:kvm_qumranet:kvm:67:*:*:*:*:*:*:*

cpe:2.3:a:kvm_qumranet:kvm:37:*:*:*:*:*:*:*

cpe:2.3:a:kvm_qumranet:kvm:78:*:*:*:*:*:*:*

cpe:2.3:a:kvm_qumranet:kvm:31:*:*:*:*:*:*:*

cpe:2.3:a:kvm_qumranet:kvm:46:*:*:*:*:*:*:*

cpe:2.3:a:kvm_qumranet:kvm:62:*:*:*:*:*:*:*

History

24 Jan 2023, 16:19

Type	Values Removed	Values Added
CPE		cpe:2.3:a:predictapp_project:predictapp::::::::
References	~~(MISC) https://github.com/abhilash1985/PredictApp/commit/b067372f3ee26fe1b657121f0f41883ff4461a06 -~~	(MISC) https://github.com/abhilash1985/PredictApp/commit/b067372f3ee26fe1b657121f0f41883ff4461a06 - Patch, Third Party Advisory
References	~~(MISC) https://github.com/abhilash1985/PredictApp/pull/73 -~~	(MISC) https://github.com/abhilash1985/PredictApp/pull/73 - Patch, Third Party Advisory
References	~~(MISC) https://vuldb.com/?id.218387 -~~	(MISC) https://vuldb.com/?id.218387 - Third Party Advisory
References	~~(MISC) https://vuldb.com/?ctiid.218387 -~~	(MISC) https://vuldb.com/?ctiid.218387 - Third Party Advisory
CVSS	v2 : ~~unknown~~ v3 : ~~unknown~~	v2 : unknown v3 : 9.8
First Time		Predictapp Project predictapp Predictapp Project

16 Jan 2023, 13:15

Type	Values Removed	Values Added
New CVE

Information

Published : 2008-12-24 06:29

Updated : 2020-11-02 02:39

NVD link : CVE-2008-2382

Mitre link : CVE-2008-2382

Products Affected

No products.

CWE

CWE-399