Lucene search

RedhatCVE-2008-2361

HistoryJun 16, 2008 - 7:41 p.m.

CVE-2008-2361

2008-06-1619:41:00

CWE-189

redhat

web.nvd.nist.gov

cve-2008-2361

x server

render extension

denial of service

integer overflow

nvd

x.org x11r7.3

daemon crash

CVSS2

6.8

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

SINGLE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

COMPLETE

AV:N/AC:L/Au:S/C:N/I:N/A:C

AI Score

7.6

Confidence

High

EPSS

0.003

Percentile

71.5%

JSON

Integer overflow in the ProcRenderCreateCursor function in the Render extension in the X server 1.4 in X.Org X11R7.3 allows context-dependent attackers to cause a denial of service (daemon crash) via unspecified request fields that are used to calculate a glyph buffer size, which triggers a dereference of unmapped memory.

Affected configurations

Nvd

Node

xorgx11Matchr7.3

VendorProductVersionCPE
xorgx11r7.3cpe:2.3:a:xorg:x11:r7.3:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
xorg	x11	r7.3	cpe:2.3:a:xorg:x11:r7.3:::::::*

References

ftp://ftp.freedesktop.org/pub/xorg/X11R7.3/patches/xorg-xserver-1.4-cve-2008-2361.diff

labs.idefense.com/intelligence/vulnerabilities/display.php?id=719

lists.apple.com/archives/security-announce/2009/Feb/msg00000.html

lists.freedesktop.org/archives/xorg/2008-June/036026.html

lists.opensuse.org/opensuse-security-announce/2008-06/msg00002.html

lists.opensuse.org/opensuse-security-announce/2008-09/msg00005.html

rhn.redhat.com/errata/RHSA-2008-0502.html

rhn.redhat.com/errata/RHSA-2008-0504.html

secunia.com/advisories/30627

secunia.com/advisories/30629

secunia.com/advisories/30630

secunia.com/advisories/30637

secunia.com/advisories/30659

secunia.com/advisories/30664

secunia.com/advisories/30666

secunia.com/advisories/30671

secunia.com/advisories/30715

secunia.com/advisories/30772

secunia.com/advisories/30809

secunia.com/advisories/30843

secunia.com/advisories/31025

secunia.com/advisories/31109

secunia.com/advisories/32099

secunia.com/advisories/33937

security.gentoo.org/glsa/glsa-200806-07.xml

securitytracker.com/id?1020244

sunsolve.sun.com/search/document.do?assetkey=1-26-238686-1

support.apple.com/kb/HT3438

support.avaya.com/elmodocs2/security/ASA-2008-249.htm

wiki.rpath.com/wiki/Advisories:rPSA-2008-0201

www.debian.org/security/2008/dsa-1595

www.gentoo.org/security/en/glsa/glsa-200807-07.xml

www.mandriva.com/security/advisories?name=MDVSA-2008:115

www.mandriva.com/security/advisories?name=MDVSA-2008:116

www.mandriva.com/security/advisories?name=MDVSA-2008:179

www.redhat.com/support/errata/RHSA-2008-0503.html

www.securityfocus.com/archive/1/493548/100/0/threaded

www.securityfocus.com/archive/1/493550/100/0/threaded

www.securityfocus.com/bid/29665

www.ubuntu.com/usn/usn-616-1

www.vupen.com/english/advisories/2008/1803

www.vupen.com/english/advisories/2008/1833

www.vupen.com/english/advisories/2008/1983/references

issues.rpath.com/browse/RPL-2607

issues.rpath.com/browse/RPL-2619

oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A8978

CVSS2

6.8

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

SINGLE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

COMPLETE

AV:N/AC:L/Au:S/C:N/I:N/A:C

AI Score

7.6

Confidence

High

EPSS

0.003

Percentile

71.5%

JSON

Related for CVE-2008-2361