Lucene search

K

[email protected]NVD:CVE-2008-3794

HistoryAug 26, 2008 - 3:41 p.m.

CVE-2008-3794

2008-08-2615:41:00

CWE-189

[email protected]

web.nvd.nist.gov

7

CVSS2

6.8

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:P/I:P/A:P

AI Score

7.7

Confidence

High

EPSS

0.152

Percentile

95.9%

Integer signedness error in the mms_ReceiveCommand function in modules/access/mms/mmstu.c in VLC Media Player 0.8.6i allows remote attackers to execute arbitrary code via a crafted mmst link with a negative size value, which bypasses a size check and triggers an integer overflow followed by a heap-based buffer overflow.

Affected configurations

Nvd

Node

videolanvlc_media_playerMatch0.8.6i

References

mailman.videolan.org/pipermail/vlc-devel/2008-August/048488.html

security.gentoo.org/glsa/glsa-200809-06.xml

securityreason.com/securityalert/4190

www.openwall.com/lists/oss-security/2008/08/24/3

www.orange-bat.com/adv/2008/adv.08.24.txt

www.securityfocus.com/bid/30806

www.securitytracker.com/id?1020759

exchange.xforce.ibmcloud.com/vulnerabilities/44659

oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A14531

www.exploit-db.com/exploits/6293

CVSS2

6.8

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:P/I:P/A:P

AI Score

7.7

Confidence

High

EPSS

0.152

Percentile

95.9%

Related for NVD:CVE-2008-3794

debiancve1 cve1 ubuntucve1 prion1 cvelist1 openvas4 securityvulns2 nessus2 gentoo1 debian1 osv1