Lucene search

[email protected]CVE-2008-4166

HistorySep 22, 2008 - 6:34 p.m.

CVE-2008-4166

2008-09-2218:34:16

CWE-189

[email protected]

web.nvd.nist.gov

cve-2008-4166

javascript engine

avant browser

denial of service

application crash

nvd

4.3 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:N/I:N/A:P

6.8 Medium

AI Score

Confidence

High

0.031 Low

EPSS

Percentile

91.1%

JSON

Integer overflow in the JavaScript engine in Avant Browser 11.7 Build 9 and earlier allows remote attackers to cause a denial of service (application crash) by attempting to URL encode a string containing many instances of an invalid character.

Affected configurations

NVD

Node

avantbrowseravant_browserRange≤11.7build_9

CPENameOperatorVersion
avantbrowser:avant_browseravantbrowser avant browserle11.7

CPE	Name	Operator	Version
avantbrowser:avant_browser	avantbrowser avant browser	le	11.7

References

securityreason.com/securityalert/4284

www.securityfocus.com/archive/1/496301/100/0/threaded

www.securityfocus.com/bid/31155

exchange.xforce.ibmcloud.com/vulnerabilities/45121

4.3 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:N/I:N/A:P

6.8 Medium

AI Score

Confidence

High

0.031 Low

EPSS

Percentile

91.1%

JSON

Related for CVE-2008-4166

prion1 cvelist1 nvd1