Vulnerabilidad en clientNmdcHub.cpp en Linux DC++ (CVE-2008-2954)
Gravedad CVSS v2.0:
ALTA
Tipo:
CWE-20
Validación incorrecta de entrada
Fecha de publicación:
01/07/2008
Última modificación:
09/04/2025
Descripción
client/NmdcHub.cpp en Linux DC++ (linuxdcpp) anterior a 0.707, permite a atacantes remotos provocar una denegación de servicio (caída a través de un mensaje privado vacío, lo que dispara una lectura de fuera de rango.
Impacto
Puntuación base 2.0
7.80
Gravedad 2.0
ALTA
Productos y versiones vulnerables
| CPE | Desde | Hasta |
|---|---|---|
| cpe:2.3:a:linux:direct_connect:0.686:*:*:*:*:*:*:* | ||
| cpe:2.3:a:linux:direct_connect:0.699:*:*:*:*:*:*:* | ||
| cpe:2.3:a:linux:direct_connect:0.700:*:*:*:*:*:*:* | ||
| cpe:2.3:a:linux:direct_connect:0.701:*:*:*:*:*:*:* | ||
| cpe:2.3:a:linux:direct_connect:0.702:*:*:*:*:*:*:* | ||
| cpe:2.3:a:linux:direct_connect:0.703:*:*:*:*:*:*:* | ||
| cpe:2.3:a:linux:direct_connect:0.704:*:*:*:*:*:*:* | ||
| cpe:2.3:a:linux:direct_connect:0.705:*:*:*:*:*:*:* | ||
| cpe:2.3:a:linux:direct_connect:0.706:*:*:*:*:*:*:* |
Para consultar la lista completa de nombres de CPE con productos y versiones, ver esta página
Referencias a soluciones, herramientas e información
- http://cvs.berlios.de/cgi-bin/viewcvs.cgi/linuxdcpp/linuxdcpp/Changelog.txt
- http://cvs.berlios.de/cgi-bin/viewcvs.cgi/linuxdcpp/linuxdcpp/client/NmdcHub.cpp.diff?r1=1.14&r2=1.15&sortby=date
- http://dcplusplus.svn.sourceforge.net/viewvc/dcplusplus/dcplusplus/trunk/changelog.txt?r1=1027&r2=1026&pathrev=1027
- http://secunia.com/advisories/30907
- http://secunia.com/advisories/30918
- http://www.securityfocus.com/bid/30037
- http://www.securitytracker.com/id?1020409=
- http://www.securitytracker.com/id?1020410=
- https://exchange.xforce.ibmcloud.com/vulnerabilities/43566
- https://www.redhat.com/archives/fedora-package-announce/2008-July/msg00101.html
- https://www.redhat.com/archives/fedora-package-announce/2008-July/msg00116.html
- http://cvs.berlios.de/cgi-bin/viewcvs.cgi/linuxdcpp/linuxdcpp/Changelog.txt
- http://cvs.berlios.de/cgi-bin/viewcvs.cgi/linuxdcpp/linuxdcpp/client/NmdcHub.cpp.diff?r1=1.14&r2=1.15&sortby=date
- http://dcplusplus.svn.sourceforge.net/viewvc/dcplusplus/dcplusplus/trunk/changelog.txt?r1=1027&r2=1026&pathrev=1027
- http://secunia.com/advisories/30907
- http://secunia.com/advisories/30918
- http://www.securityfocus.com/bid/30037
- http://www.securitytracker.com/id?1020409=
- http://www.securitytracker.com/id?1020410=
- https://exchange.xforce.ibmcloud.com/vulnerabilities/43566
- https://www.redhat.com/archives/fedora-package-announce/2008-July/msg00101.html
- https://www.redhat.com/archives/fedora-package-announce/2008-July/msg00116.html