Lucene search

PRIOn knowledge basePRION:CVE-2008-6393

HistoryMar 03, 2009 - 4:30 p.m.

Integer overflow

2009-03-0316:30:00

PRIOn knowledge base

www.prio-n.com

8.1 High

AI Score

Confidence

High

10 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:L/Au:N/C:C/I:C/A:C

0.074 Low

EPSS

Percentile

93.9%

JSON

PSI Jabber client before 0.12.1 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a file transfer request with a negative value in a SOCKS5 option, which bypasses a signed integer check and triggers an integer overflow and a heap-based buffer overflow.

CPENameOperatorVersion
psile0.12
psieq0.1.0
psieq0.8.6
psieq0.8.7
psieq0.9
psieq0.9.1
psieq0.9.2
psieq0.9.3
psieq0.11

Name	Operator	Version
psi	le	0.12
psi	eq	0.1.0
psi	eq	0.8.6
psi	eq	0.8.7
psi	eq	0.9
psi	eq	0.9.1
psi	eq	0.9.2
psi	eq	0.9.3
psi	eq	0.11

References

bugs.gentoo.org/show_bug.cgi?id=252830

lists.opensuse.org/opensuse-security-announce/2009-03/msg00001.html

secunia.com/advisories/33311

secunia.com/advisories/34119

secunia.com/advisories/34259

secunia.com/advisories/34301

sourceforge.net/project/shownotes.php?release_id=658912

www.debian.org/security/2009/dsa-1741

www.openwall.com/lists/oss-security/2009/02/25/5

www.securityfocus.com/archive/1/499563

jolmos.blogspot.com/2008/12/psi-remote-integer-overflow.html

www.exploit-db.com/exploits/7555

www.redhat.com/archives/fedora-package-announce/2009-March/msg00071.html

www.redhat.com/archives/fedora-package-announce/2009-March/msg00080.html

8.1 High

AI Score

Confidence

High

10 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:L/Au:N/C:C/I:C/A:C

0.074 Low

EPSS

Percentile

93.9%

JSON

Related for PRION:CVE-2008-6393