CVE-2008-2954

Published: Jul 1, 2008Modified: Apr 23, 2026

7.8

Vector

AV:N/AC:L/Au:N/C:N/I:N/A:C

Exploitability: 10.0 / Impact: 6.9

Source: NVD

Description

client/NmdcHub.cpp in Linux DC++ (linuxdcpp) before 0.707 allows remote attackers to cause a denial of service (crash) via an empty private message, which triggers an out-of-bounds read.

Affected (9)

Products: Linux: Direct Connect

1 product

Configuration A

9 vulnerable

Vulnerable Software	Affected Versions
Linux Direct Connect	Version 0.686
Linux Direct Connect	Version 0.699
Linux Direct Connect	Version 0.700
Linux Direct Connect	Version 0.701
Linux Direct Connect	Version 0.702
Linux Direct Connect	Version 0.703
Linux Direct Connect	Version 0.704
Linux Direct Connect	Version 0.705
Linux Direct Connect	Version 0.706

Related CWEs

Improper Input Validation

The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.

References (22)

http://cvs.berlios.de/cgi-bin/viewcvs.cgi/linuxdcpp/linuxdcpp/Changelog.txt

Source: cve@mitre.org

http://cvs.berlios.de/cgi-bin/viewcvs.cgi/linuxdcpp/linuxdcpp/client/NmdcHub.cpp.diff?r1=1.14&r2=1.15&sortby=date

Source: cve@mitre.org

Exploit

http://dcplusplus.svn.sourceforge.net/viewvc/dcplusplus/dcplusplus/trunk/changelog.txt?r1=1027&r2=1026&pathrev=1027

Source: cve@mitre.org

http://secunia.com/advisories/30907

Source: cve@mitre.org

http://secunia.com/advisories/30918

Source: cve@mitre.org

http://www.securityfocus.com/bid/30037

Source: cve@mitre.org

http://www.securitytracker.com/id?1020409

Source: cve@mitre.org

http://www.securitytracker.com/id?1020410

Source: cve@mitre.org

https://exchange.xforce.ibmcloud.com/vulnerabilities/43566

Source: cve@mitre.org

https://www.redhat.com/archives/fedora-package-announce/2008-July/msg00101.html

Source: cve@mitre.org

https://www.redhat.com/archives/fedora-package-announce/2008-July/msg00116.html

Source: cve@mitre.org

http://cvs.berlios.de/cgi-bin/viewcvs.cgi/linuxdcpp/linuxdcpp/Changelog.txt

Source: af854a3a-2127-422b-91ae-364da2661108

http://cvs.berlios.de/cgi-bin/viewcvs.cgi/linuxdcpp/linuxdcpp/client/NmdcHub.cpp.diff?r1=1.14&r2=1.15&sortby=date

Source: af854a3a-2127-422b-91ae-364da2661108

Exploit

http://dcplusplus.svn.sourceforge.net/viewvc/dcplusplus/dcplusplus/trunk/changelog.txt?r1=1027&r2=1026&pathrev=1027

Source: af854a3a-2127-422b-91ae-364da2661108

http://secunia.com/advisories/30907

Source: af854a3a-2127-422b-91ae-364da2661108

http://secunia.com/advisories/30918

Source: af854a3a-2127-422b-91ae-364da2661108

http://www.securityfocus.com/bid/30037

Source: af854a3a-2127-422b-91ae-364da2661108

http://www.securitytracker.com/id?1020409

Source: af854a3a-2127-422b-91ae-364da2661108

http://www.securitytracker.com/id?1020410

Source: af854a3a-2127-422b-91ae-364da2661108

https://exchange.xforce.ibmcloud.com/vulnerabilities/43566

Source: af854a3a-2127-422b-91ae-364da2661108

https://www.redhat.com/archives/fedora-package-announce/2008-July/msg00101.html

Source: af854a3a-2127-422b-91ae-364da2661108

https://www.redhat.com/archives/fedora-package-announce/2008-July/msg00116.html

Source: af854a3a-2127-422b-91ae-364da2661108

Timeline

No history available yet.