Lucene search

[email protected]NVD:CVE-2008-0295

HistoryJan 16, 2008 - 10:00 p.m.

CVE-2008-0295

2008-01-1622:00:00

CWE-119

[email protected]

web.nvd.nist.gov

CVSS2

8.5

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

SINGLE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:M/Au:S/C:C/I:C/A:C

AI Score

7.9

Confidence

High

EPSS

0.047

Percentile

92.8%

JSON

Heap-based buffer overflow in modules/access/rtsp/real_sdpplin.c in the Xine library, as used in VideoLAN VLC Media Player 0.8.6d and earlier, allows user-assisted remote attackers to cause a denial of service (crash) or execute arbitrary code via long Session Description Protocol (SDP) data.

Affected configurations

Nvd

Node

videolanvlc_media_playerRange≤0.8.6d

VendorProductVersionCPE
videolanvlc_media_player*cpe:2.3:a:videolan:vlc_media_player:*:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
videolan	vlc_media_player	*	cpe:2.3:a:videolan:vlc_media_player::::::::

References

aluigi.altervista.org/adv/vlcxhof-adv.txt

secunia.com/advisories/28383

secunia.com/advisories/29284

secunia.com/advisories/29766

www.debian.org/security/2008/dsa-1543

www.gentoo.org/security/en/glsa/glsa-200803-13.xml

www.securityfocus.com/bid/27221

www.vupen.com/english/advisories/2008/0105

oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14776

CVSS2

8.5

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

SINGLE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:M/Au:S/C:C/I:C/A:C

AI Score

7.9

Confidence

High

EPSS

0.047

Percentile

92.8%

JSON

Related for NVD:CVE-2008-0295

ubuntucve1 debiancve1 prion1 cve1 cvelist1 openvas4 gentoo1 exploitdb1 nessus2 osv1 debian1