CVE-2008-1338
Severity CVSS v4.0:
Pending analysis
Type:
CWE-189
Numeric Errors
Publication date:
14/03/2008
Last modified:
09/04/2025
Description
The Perforce service (p4s.exe) in Perforce Server 2007.3/143793 and earlier allows remote attackers to cause a denial of service (daemon crash) via a server-DiffFile command with an integer value within a certain range, which causes a loop until all memory is exhausted.
Impact
Base Score 2.0
7.80
Severity 2.0
HIGH
Vulnerable products and versions
| CPE | From | Up to |
|---|---|---|
| cpe:2.3:a:perforce:perforce_server:*:*:*:*:*:*:*:* | 2007.3_143793 (including) |
To consult the complete list of CPE names with products and versions, see this page
References to Advisories, Solutions, and Tools
- http://aluigi.altervista.org/adv/perforces-adv.txt
- http://aluigi.org/poc/perforces.zip
- http://secunia.com/advisories/29231
- http://securityreason.com/securityalert/3735
- http://www.securityfocus.com/archive/1/489179/100/0/threaded
- http://www.securityfocus.com/bid/28108
- https://exchange.xforce.ibmcloud.com/vulnerabilities/41017
- https://exchange.xforce.ibmcloud.com/vulnerabilities/41361
- http://aluigi.altervista.org/adv/perforces-adv.txt
- http://aluigi.org/poc/perforces.zip
- http://secunia.com/advisories/29231
- http://securityreason.com/securityalert/3735
- http://www.securityfocus.com/archive/1/489179/100/0/threaded
- http://www.securityfocus.com/bid/28108
- https://exchange.xforce.ibmcloud.com/vulnerabilities/41017
- https://exchange.xforce.ibmcloud.com/vulnerabilities/41361