Lucene search

[email protected]CVE-2012-0806

HistoryJan 27, 2012 - 12:55 a.m.

CVE-2012-0806

2012-01-2700:55:01

CWE-119

[email protected]

web.nvd.nist.gov

cve-2012-0806

buffer overflow

bip 0.8.8

remote execution

authentication

tcp connections

6.5 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

SINGLE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:S/C:P/I:P/A:P

7.3 High

AI Score

Confidence

Low

0.021 Low

EPSS

Percentile

89.3%

JSON

Buffer overflow in Bip 0.8.8 and earlier might allow remote authenticated users to execute arbitrary code via vectors involving a series of TCP connections that triggers use of many open file descriptors.

Affected configurations

NVD

Node

duckcorpbipRange≤0.8.8

duckcorpbipMatch0.7.0

duckcorpbipMatch0.7.1

duckcorpbipMatch0.7.2

duckcorpbipMatch0.7.3

duckcorpbipMatch0.7.4

duckcorpbipMatch0.7.5

duckcorpbipMatch0.8.0

duckcorpbipMatch0.8.0rc0

duckcorpbipMatch0.8.0rc1

duckcorpbipMatch0.8.1

duckcorpbipMatch0.8.2

duckcorpbipMatch0.8.3

duckcorpbipMatch0.8.4

duckcorpbipMatch0.8.5

duckcorpbipMatch0.8.6

duckcorpbipMatch0.8.7

CPENameOperatorVersion
duckcorp:bipduckcorp biple0.8.8
duckcorp:bipduckcorp bipeq0.7.0
duckcorp:bipduckcorp bipeq0.7.1
duckcorp:bipduckcorp bipeq0.7.2
duckcorp:bipduckcorp bipeq0.7.3
duckcorp:bipduckcorp bipeq0.7.4
duckcorp:bipduckcorp bipeq0.7.5
duckcorp:bipduckcorp bipeq0.8.0
duckcorp:bipduckcorp bipeq0.8.1
duckcorp:bipduckcorp bipeq0.8.2

CPE	Name	Operator	Version
duckcorp:bip	duckcorp bip	le	0.8.8
duckcorp:bip	duckcorp bip	eq	0.7.0
duckcorp:bip	duckcorp bip	eq	0.7.1
duckcorp:bip	duckcorp bip	eq	0.7.2
duckcorp:bip	duckcorp bip	eq	0.7.3
duckcorp:bip	duckcorp bip	eq	0.7.4
duckcorp:bip	duckcorp bip	eq	0.7.5
duckcorp:bip	duckcorp bip	eq	0.8.0
duckcorp:bip	duckcorp bip	eq	0.8.1
duckcorp:bip	duckcorp bip	eq	0.8.2