Lucene search

[email protected]CVE-2006-6227

HistoryDec 02, 2006 - 2:28 a.m.

CVE-2006-6227

2006-12-0202:28:00

NVD-CWE-Other

[email protected]

web.nvd.nist.gov

cve-2006-6227

core::receive function

neoengine

denial of service

remote attackers

memory allocation

null pointer dereference

7.5 High

AI Score

Confidence

Low

5 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:N/I:N/A:P

0.018 Low

EPSS

Percentile

88.1%

JSON

The Core::Receive function in neonet/core.cpp for NeoEngine 0.8.2 and earlier, and CVS 3422, allow remote attackers to cause a denial of service (engine crash) via a message with a large uiMessageLength that produces a failed memory allocation and a null pointer dereference.

CPENameOperatorVersion
neoengine:neoengineneoengineeq0.8.2

CPE	Name	Operator	Version
neoengine:neoengine	neoengine	eq	0.8.2

References

aluigi.altervista.org/adv/neoenginex-adv.txt

www.osvdb.org/27927

www.securiteam.com/securitynews/5MP0N2AIUC.html

www.securityfocus.com/bid/18696

exchange.xforce.ibmcloud.com/vulnerabilities/27529

7.5 High

AI Score

Confidence

Low

5 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:N/I:N/A:P

0.018 Low

EPSS

Percentile

88.1%

JSON