Lucene search

[email protected]CVE-2008-1952

HistoryJun 23, 2008 - 7:41 p.m.

CVE-2008-1952

2008-06-2319:41:00

CWE-119

[email protected]

web.nvd.nist.gov

cve-2008-1952

xensource

xen

para virtualized

frame buffer

pvfb

xen ioemu

denial of service

crash

memory mapping

nvd

6.5 Medium

AI Score

Confidence

Low

2.1 Low

CVSS2

Access Vector

LOCAL

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:L/AC:L/Au:N/C:N/I:N/A:P

0.001 Low

EPSS

Percentile

26.1%

JSON

The backend for XenSource Xen Para Virtualized Frame Buffer (PVFB) in Xen ioemu does not properly restrict the frame buffer size, which allows attackers to cause a denial of service (crash) by mapping an arbitrary amount of guest memory.

CPENameOperatorVersion
xensource:xen_para_virtualized_frame_bufferxensource xen para virtualized frame buffereq*

CPE	Name	Operator	Version
xensource:xen_para_virtualized_frame_buffer	xensource xen para virtualized frame buffer	eq	*

References

lists.xensource.com/archives/html/xen-devel/2008-05/msg00421.html

secunia.com/advisories/32088

www.openwall.com/lists/oss-security/2008/05/21/9

www.securityfocus.com/bid/30646

www.securitytracker.com/id?1020957

xenbits.xensource.com/xen-unstable.hg?rev/9044705960cb30cec385bdca7305bcf7db096721

exchange.xforce.ibmcloud.com/vulnerabilities/43362

oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A11189

rhn.redhat.com/errata/RHSA-2008-0892.html

6.5 Medium

AI Score

Confidence

Low

2.1 Low

CVSS2

Access Vector

LOCAL

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:L/AC:L/Au:N/C:N/I:N/A:P

0.001 Low

EPSS

Percentile

26.1%

JSON

Related for CVE-2008-1952

prion1 veracode1 redhat1 centos1 openvas3 nessus5 ubuntucve2 oraclelinux1 debian2