Vulnerability Monitor

The vendors, products, and vulnerabilities you care about

CVE-2008-2382

The protocol_client_msg function in vnc.c in the VNC server in (1) Qemu 0.9.1 and earlier and (2) KVM kvm-79 and earlier allows remote attackers to cause a denial of service (infinite loop) via a certain message.

Published

2008-12-24T18:29:15.733

Last Modified

2025-04-09T00:30:58.490

Status

Deferred

Source

[email protected]

Severity

CVSSv2: 5.0 (MEDIUM)

CVSSv2 Vector

AV:N/AC:L/Au:N/C:N/I:N/A:P

Access Vector: NETWORK
Access Complexity: LOW
Authentication: NONE
Confidentiality Impact: NONE
Integrity Impact: NONE
Availability Impact: PARTIAL

Exploitability Score

10.0

Impact Score

2.9

Weaknesses

Type: Primary
CWE-399

Affected Vendors & Products

Type	Vendor	Product	Version/Range	Vulnerable?
Application	qemu	qemu	≤ 0.9.1	Yes
Application	qemu	qemu	0.1.0	Yes
Application	qemu	qemu	0.1.1	Yes
Application	qemu	qemu	0.1.2	Yes
Application	qemu	qemu	0.1.3	Yes
Application	qemu	qemu	0.1.4	Yes
Application	qemu	qemu	0.1.5	Yes
Application	qemu	qemu	0.1.6	Yes
Application	qemu	qemu	0.2.0	Yes
Application	qemu	qemu	0.3.0	Yes
Application	qemu	qemu	0.4.0	Yes
Application	qemu	qemu	0.4.1	Yes
Application	qemu	qemu	0.4.2	Yes
Application	qemu	qemu	0.4.3	Yes
Application	qemu	qemu	0.5.0	Yes
Application	qemu	qemu	0.5.1	Yes
Application	qemu	qemu	0.5.2	Yes
Application	qemu	qemu	0.5.3	Yes
Application	qemu	qemu	0.5.4	Yes
Application	qemu	qemu	0.5.5	Yes
Application	qemu	qemu	0.6.0	Yes
Application	qemu	qemu	0.6.1	Yes
Application	qemu	qemu	0.7.0	Yes
Application	qemu	qemu	0.7.1	Yes
Application	qemu	qemu	0.7.2	Yes
Application	qemu	qemu	0.8.0	Yes
Application	qemu	qemu	0.8.1	Yes
Application	qemu	qemu	0.8.2	Yes
Application	qemu	qemu	0.9.0	Yes
Application	kvm_qumranet	kvm	≤ 79	Yes
Application	kvm_qumranet	kvm	1	Yes
Application	kvm_qumranet	kvm	2	Yes
Application	kvm_qumranet	kvm	3	Yes
Application	kvm_qumranet	kvm	4	Yes
Application	kvm_qumranet	kvm	5	Yes
Application	kvm_qumranet	kvm	6	Yes
Application	kvm_qumranet	kvm	7	Yes
Application	kvm_qumranet	kvm	8	Yes
Application	kvm_qumranet	kvm	9	Yes
Application	kvm_qumranet	kvm	10	Yes
Application	kvm_qumranet	kvm	11	Yes
Application	kvm_qumranet	kvm	12	Yes
Application	kvm_qumranet	kvm	13	Yes
Application	kvm_qumranet	kvm	14	Yes
Application	kvm_qumranet	kvm	15	Yes
Application	kvm_qumranet	kvm	16	Yes
Application	kvm_qumranet	kvm	17	Yes
Application	kvm_qumranet	kvm	18	Yes
Application	kvm_qumranet	kvm	19	Yes
Application	kvm_qumranet	kvm	20	Yes
Application	kvm_qumranet	kvm	21	Yes
Application	kvm_qumranet	kvm	22	Yes
Application	kvm_qumranet	kvm	23	Yes
Application	kvm_qumranet	kvm	24	Yes
Application	kvm_qumranet	kvm	25	Yes
Application	kvm_qumranet	kvm	26	Yes
Application	kvm_qumranet	kvm	27	Yes
Application	kvm_qumranet	kvm	28	Yes
Application	kvm_qumranet	kvm	29	Yes
Application	kvm_qumranet	kvm	30	Yes
Application	kvm_qumranet	kvm	31	Yes
Application	kvm_qumranet	kvm	32	Yes
Application	kvm_qumranet	kvm	33	Yes
Application	kvm_qumranet	kvm	34	Yes
Application	kvm_qumranet	kvm	35	Yes
Application	kvm_qumranet	kvm	36	Yes
Application	kvm_qumranet	kvm	37	Yes
Application	kvm_qumranet	kvm	38	Yes
Application	kvm_qumranet	kvm	39	Yes
Application	kvm_qumranet	kvm	40	Yes
Application	kvm_qumranet	kvm	41	Yes
Application	kvm_qumranet	kvm	42	Yes
Application	kvm_qumranet	kvm	43	Yes
Application	kvm_qumranet	kvm	44	Yes
Application	kvm_qumranet	kvm	45	Yes
Application	kvm_qumranet	kvm	46	Yes
Application	kvm_qumranet	kvm	47	Yes
Application	kvm_qumranet	kvm	48	Yes
Application	kvm_qumranet	kvm	49	Yes
Application	kvm_qumranet	kvm	50	Yes
Application	kvm_qumranet	kvm	51	Yes
Application	kvm_qumranet	kvm	52	Yes
Application	kvm_qumranet	kvm	53	Yes
Application	kvm_qumranet	kvm	54	Yes
Application	kvm_qumranet	kvm	55	Yes
Application	kvm_qumranet	kvm	56	Yes
Application	kvm_qumranet	kvm	57	Yes
Application	kvm_qumranet	kvm	58	Yes
Application	kvm_qumranet	kvm	59	Yes
Application	kvm_qumranet	kvm	60	Yes
Application	kvm_qumranet	kvm	61	Yes
Application	kvm_qumranet	kvm	62	Yes
Application	kvm_qumranet	kvm	63	Yes
Application	kvm_qumranet	kvm	64	Yes
Application	kvm_qumranet	kvm	65	Yes
Application	kvm_qumranet	kvm	66	Yes
Application	kvm_qumranet	kvm	67	Yes
Application	kvm_qumranet	kvm	68	Yes
Application	kvm_qumranet	kvm	69	Yes
Application	kvm_qumranet	kvm	70	Yes
Application	kvm_qumranet	kvm	71	Yes
Application	kvm_qumranet	kvm	72	Yes
Application	kvm_qumranet	kvm	73	Yes
Application	kvm_qumranet	kvm	74	Yes
Application	kvm_qumranet	kvm	75	Yes
Application	kvm_qumranet	kvm	76	Yes
Application	kvm_qumranet	kvm	77	Yes
Application	kvm_qumranet	kvm	78	Yes

References

http://lists.opensuse.org/opensuse-security-announce/2009-01/msg00004.html ([email protected])
http://lists.opensuse.org/opensuse-security-announce/2009-04/msg00003.html ([email protected])
http://secunia.com/advisories/33293 Vendor Advisory ([email protected])
http://secunia.com/advisories/33303 Vendor Advisory ([email protected])
http://secunia.com/advisories/33350 ([email protected])
http://secunia.com/advisories/33568 ([email protected])
http://secunia.com/advisories/34642 ([email protected])
http://secunia.com/advisories/35062 ([email protected])
http://securityreason.com/securityalert/4803 ([email protected])
http://securitytracker.com/id?1021488 ([email protected])
http://securitytracker.com/id?1021489 Exploit ([email protected])
http://www.coresecurity.com/content/vnc-remote-dos ([email protected])
http://www.securityfocus.com/archive/1/499502/100/0/threaded ([email protected])
http://www.securityfocus.com/bid/32910 Exploit ([email protected])
http://www.ubuntu.com/usn/usn-776-1 ([email protected])
http://www.vupen.com/english/advisories/2008/3488 ([email protected])
http://www.vupen.com/english/advisories/2008/3489 ([email protected])
https://exchange.xforce.ibmcloud.com/vulnerabilities/47561 ([email protected])
https://www.redhat.com/archives/fedora-package-announce/2008-December/msg01223.html ([email protected])
http://lists.opensuse.org/opensuse-security-announce/2009-01/msg00004.html (af854a3a-2127-422b-91ae-364da2661108)
http://lists.opensuse.org/opensuse-security-announce/2009-04/msg00003.html (af854a3a-2127-422b-91ae-364da2661108)
http://secunia.com/advisories/33293 Vendor Advisory (af854a3a-2127-422b-91ae-364da2661108)
http://secunia.com/advisories/33303 Vendor Advisory (af854a3a-2127-422b-91ae-364da2661108)
http://secunia.com/advisories/33350 (af854a3a-2127-422b-91ae-364da2661108)
http://secunia.com/advisories/33568 (af854a3a-2127-422b-91ae-364da2661108)
http://secunia.com/advisories/34642 (af854a3a-2127-422b-91ae-364da2661108)
http://secunia.com/advisories/35062 (af854a3a-2127-422b-91ae-364da2661108)
http://securityreason.com/securityalert/4803 (af854a3a-2127-422b-91ae-364da2661108)
http://securitytracker.com/id?1021488 (af854a3a-2127-422b-91ae-364da2661108)
http://securitytracker.com/id?1021489 Exploit (af854a3a-2127-422b-91ae-364da2661108)
http://www.coresecurity.com/content/vnc-remote-dos (af854a3a-2127-422b-91ae-364da2661108)
http://www.securityfocus.com/archive/1/499502/100/0/threaded (af854a3a-2127-422b-91ae-364da2661108)
http://www.securityfocus.com/bid/32910 Exploit (af854a3a-2127-422b-91ae-364da2661108)
http://www.ubuntu.com/usn/usn-776-1 (af854a3a-2127-422b-91ae-364da2661108)
http://www.vupen.com/english/advisories/2008/3488 (af854a3a-2127-422b-91ae-364da2661108)
http://www.vupen.com/english/advisories/2008/3489 (af854a3a-2127-422b-91ae-364da2661108)
https://exchange.xforce.ibmcloud.com/vulnerabilities/47561 (af854a3a-2127-422b-91ae-364da2661108)
https://www.redhat.com/archives/fedora-package-announce/2008-December/msg01223.html (af854a3a-2127-422b-91ae-364da2661108)