Vulnerability Details: CVE-2008-2382
The protocol_client_msg function in vnc.c in the VNC server in (1) Qemu 0.9.1 and earlier and (2) KVM kvm-79 and earlier allows remote attackers to cause a denial of service (infinite loop) via a certain message.
Vulnerability category: Denial of service
Exploit prediction scoring system (EPSS) score for CVE-2008-2382
Probability of exploitation activity in the next 30 days: 8.54%
Percentile, the proportion of vulnerabilities that are scored at or less: ~ 94 %
CVSS scores for CVE-2008-2382
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Source |
---|---|---|---|---|---|
5.0 | MEDIUM | AV:N/AC:L/Au:N/C:N/I:N/A:P | 10.0 | 2.9 | [email protected] |
CWE ids for CVE-2008-2382
- Assigned by: [email protected] (Primary)
Vendor statements for CVE-2008-2382
- Red Hat 2009-01-05: Not vulnerable. This issue did not affect the version of the Xen package as shipped with Red Hat Enterprise Linux 5.
- http://www.vupen.com/english/advisories/2008/3489
- https://exchange.xforce.ibmcloud.com/vulnerabilities/47561
- http://lists.opensuse.org/opensuse-security-announce/2009-04/msg00003.html
- http://securitytracker.com/id?1021488
- http://securitytracker.com/id?1021489 (Exploit)
- http://www.vupen.com/english/advisories/2008/3488
- http://lists.opensuse.org/opensuse-security-announce/2009-01/msg00004.html
- https://www.redhat.com/archives/fedora-package-announce/2008-December/msg01223.html
- http://www.securityfocus.com/bid/32910 (Exploit)
- http://securityreason.com/securityalert/4803
- http://www.securityfocus.com/archive/1/499502/100/0/threaded
- http://www.coresecurity.com/content/vnc-remote-dos
- http://www.ubuntu.com/usn/usn-776-1
- cpe:2.3:a:qemu:qemu:*:*:*:*:*:*:*:*
- cpe:2.3:a:qemu:qemu:0.8.2:*:*:*:*:*:*:*
- cpe:2.3:a:qemu:qemu:0.9.0:*:*:*:*:*:*:*
- cpe:2.3:a:qemu:qemu:0.1.4:*:*:*:*:*:*:*
- cpe:2.3:a:qemu:qemu:0.1.5:*:*:*:*:*:*:*
- cpe:2.3:a:qemu:qemu:0.4.3:*:*:*:*:*:*:*
- cpe:2.3:a:qemu:qemu:0.5.0:*:*:*:*:*:*:*
- cpe:2.3:a:qemu:qemu:0.6.1:*:*:*:*:*:*:*
- cpe:2.3:a:qemu:qemu:0.7.0:*:*:*:*:*:*:*
- cpe:2.3:a:qemu:qemu:0.1.6:*:*:*:*:*:*:*
- cpe:2.3:a:qemu:qemu:0.2.0:*:*:*:*:*:*:*
- cpe:2.3:a:qemu:qemu:0.5.1:*:*:*:*:*:*:*
- cpe:2.3:a:qemu:qemu:0.5.2:*:*:*:*:*:*:*
- cpe:2.3:a:qemu:qemu:0.7.1:*:*:*:*:*:*:*
- cpe:2.3:a:qemu:qemu:0.7.2:*:*:*:*:*:*:*
- cpe:2.3:a:qemu:qemu:0.8.0:*:*:*:*:*:*:*
- cpe:2.3:a:qemu:qemu:0.1.2:*:*:*:*:*:*:*
- cpe:2.3:a:qemu:qemu:0.1.3:*:*:*:*:*:*:*
- cpe:2.3:a:qemu:qemu:0.4.1:*:*:*:*:*:*:*
- cpe:2.3:a:qemu:qemu:0.4.2:*:*:*:*:*:*:*
- cpe:2.3:a:qemu:qemu:0.5.5:*:*:*:*:*:*:*
- cpe:2.3:a:qemu:qemu:0.6.0:*:*:*:*:*:*:*
- cpe:2.3:a:qemu:qemu:0.1.0:*:*:*:*:*:*:*
- cpe:2.3:a:qemu:qemu:0.1.1:*:*:*:*:*:*:*
- cpe:2.3:a:qemu:qemu:0.3.0:*:*:*:*:*:*:*
- cpe:2.3:a:qemu:qemu:0.4.0:*:*:*:*:*:*:*
- cpe:2.3:a:qemu:qemu:0.5.3:*:*:*:*:*:*:*
- cpe:2.3:a:qemu:qemu:0.5.4:*:*:*:*:*:*:*
- cpe:2.3:a:qemu:qemu:0.8.1:*:*:*:*:*:*:*
- cpe:2.3:a:kvm_qumranet:kvm:*:*:*:*:*:*:*:*
- cpe:2.3:a:kvm_qumranet:kvm:73:*:*:*:*:*:*:*
- cpe:2.3:a:kvm_qumranet:kvm:78:*:*:*:*:*:*:*
- cpe:2.3:a:kvm_qumranet:kvm:71:*:*:*:*:*:*:*
- cpe:2.3:a:kvm_qumranet:kvm:70:*:*:*:*:*:*:*
- cpe:2.3:a:kvm_qumranet:kvm:62:*:*:*:*:*:*:*
- cpe:2.3:a:kvm_qumranet:kvm:61:*:*:*:*:*:*:*
- cpe:2.3:a:kvm_qumranet:kvm:54:*:*:*:*:*:*:*
- cpe:2.3:a:kvm_qumranet:kvm:53:*:*:*:*:*:*:*
- cpe:2.3:a:kvm_qumranet:kvm:46:*:*:*:*:*:*:*
- cpe:2.3:a:kvm_qumranet:kvm:75:*:*:*:*:*:*:*
- cpe:2.3:a:kvm_qumranet:kvm:74:*:*:*:*:*:*:*
- cpe:2.3:a:kvm_qumranet:kvm:67:*:*:*:*:*:*:*
- cpe:2.3:a:kvm_qumranet:kvm:66:*:*:*:*:*:*:*
- cpe:2.3:a:kvm_qumranet:kvm:58:*:*:*:*:*:*:*
- cpe:2.3:a:kvm_qumranet:kvm:57:*:*:*:*:*:*:*
- cpe:2.3:a:kvm_qumranet:kvm:50:*:*:*:*:*:*:*
- cpe:2.3:a:kvm_qumranet:kvm:49:*:*:*:*:*:*:*
- cpe:2.3:a:kvm_qumranet:kvm:42:*:*:*:*:*:*:*
- cpe:2.3:a:kvm_qumranet:kvm:41:*:*:*:*:*:*:*
- cpe:2.3:a:kvm_qumranet:kvm:40:*:*:*:*:*:*:*
- cpe:2.3:a:kvm_qumranet:kvm:33:*:*:*:*:*:*:*
- cpe:2.3:a:kvm_qumranet:kvm:32:*:*:*:*:*:*:*
- cpe:2.3:a:kvm_qumranet:kvm:25:*:*:*:*:*:*:*
- cpe:2.3:a:kvm_qumranet:kvm:24:*:*:*:*:*:*:*
- cpe:2.3:a:kvm_qumranet:kvm:16:*:*:*:*:*:*:*
- cpe:2.3:a:kvm_qumranet:kvm:15:*:*:*:*:*:*:*
- cpe:2.3:a:kvm_qumranet:kvm:8:*:*:*:*:*:*:*
- cpe:2.3:a:kvm_qumranet:kvm:7:*:*:*:*:*:*:*
- cpe:2.3:a:kvm_qumranet:kvm:45:*:*:*:*:*:*:*
- cpe:2.3:a:kvm_qumranet:kvm:37:*:*:*:*:*:*:*
- cpe:2.3:a:kvm_qumranet:kvm:36:*:*:*:*:*:*:*
- cpe:2.3:a:kvm_qumranet:kvm:29:*:*:*:*:*:*:*
- cpe:2.3:a:kvm_qumranet:kvm:28:*:*:*:*:*:*:*
- cpe:2.3:a:kvm_qumranet:kvm:21:*:*:*:*:*:*:*
- cpe:2.3:a:kvm_qumranet:kvm:20:*:*:*:*:*:*:*
- cpe:2.3:a:kvm_qumranet:kvm:12:*:*:*:*:*:*:*
- cpe:2.3:a:kvm_qumranet:kvm:11:*:*:*:*:*:*:*
- cpe:2.3:a:kvm_qumranet:kvm:4:*:*:*:*:*:*:*
- cpe:2.3:a:kvm_qumranet:kvm:3:*:*:*:*:*:*:*
- cpe:2.3:a:kvm_qumranet:kvm:77:*:*:*:*:*:*:*
- cpe:2.3:a:kvm_qumranet:kvm:76:*:*:*:*:*:*:*
- cpe:2.3:a:kvm_qumranet:kvm:69:*:*:*:*:*:*:*
- cpe:2.3:a:kvm_qumranet:kvm:68:*:*:*:*:*:*:*
- cpe:2.3:a:kvm_qumranet:kvm:60:*:*:*:*:*:*:*
- cpe:2.3:a:kvm_qumranet:kvm:59:*:*:*:*:*:*:*
- cpe:2.3:a:kvm_qumranet:kvm:52:*:*:*:*:*:*:*
- cpe:2.3:a:kvm_qumranet:kvm:51:*:*:*:*:*:*:*
- cpe:2.3:a:kvm_qumranet:kvm:44:*:*:*:*:*:*:*
- cpe:2.3:a:kvm_qumranet:kvm:43:*:*:*:*:*:*:*
- cpe:2.3:a:kvm_qumranet:kvm:35:*:*:*:*:*:*:*
- cpe:2.3:a:kvm_qumranet:kvm:34:*:*:*:*:*:*:*
- cpe:2.3:a:kvm_qumranet:kvm:27:*:*:*:*:*:*:*
- cpe:2.3:a:kvm_qumranet:kvm:26:*:*:*:*:*:*:*
- cpe:2.3:a:kvm_qumranet:kvm:19:*:*:*:*:*:*:*
- cpe:2.3:a:kvm_qumranet:kvm:18:*:*:*:*:*:*:*
- cpe:2.3:a:kvm_qumranet:kvm:17:*:*:*:*:*:*:*
- cpe:2.3:a:kvm_qumranet:kvm:10:*:*:*:*:*:*:*
- cpe:2.3:a:kvm_qumranet:kvm:9:*:*:*:*:*:*:*
- cpe:2.3:a:kvm_qumranet:kvm:2:*:*:*:*:*:*:*
- cpe:2.3:a:kvm_qumranet:kvm:1:*:*:*:*:*:*:*
- cpe:2.3:a:kvm_qumranet:kvm:72:*:*:*:*:*:*:*
- cpe:2.3:a:kvm_qumranet:kvm:65:*:*:*:*:*:*:*
- cpe:2.3:a:kvm_qumranet:kvm:64:*:*:*:*:*:*:*
- cpe:2.3:a:kvm_qumranet:kvm:63:*:*:*:*:*:*:*
- cpe:2.3:a:kvm_qumranet:kvm:56:*:*:*:*:*:*:*
- cpe:2.3:a:kvm_qumranet:kvm:55:*:*:*:*:*:*:*
- cpe:2.3:a:kvm_qumranet:kvm:48:*:*:*:*:*:*:*
- cpe:2.3:a:kvm_qumranet:kvm:47:*:*:*:*:*:*:*
- cpe:2.3:a:kvm_qumranet:kvm:39:*:*:*:*:*:*:*
- cpe:2.3:a:kvm_qumranet:kvm:38:*:*:*:*:*:*:*
- cpe:2.3:a:kvm_qumranet:kvm:31:*:*:*:*:*:*:*
- cpe:2.3:a:kvm_qumranet:kvm:30:*:*:*:*:*:*:*
- cpe:2.3:a:kvm_qumranet:kvm:23:*:*:*:*:*:*:*
- cpe:2.3:a:kvm_qumranet:kvm:22:*:*:*:*:*:*:*
- cpe:2.3:a:kvm_qumranet:kvm:14:*:*:*:*:*:*:*
- cpe:2.3:a:kvm_qumranet:kvm:13:*:*:*:*:*:*:*
- cpe:2.3:a:kvm_qumranet:kvm:6:*:*:*:*:*:*:*
- cpe:2.3:a:kvm_qumranet:kvm:5:*:*:*:*:*:*:*