Vulnerability Details: CVE-2008-2382
The protocol_client_msg function in vnc.c in the VNC server in (1) Qemu 0.9.1 and earlier and (2) KVM kvm-79 and earlier allows remote attackers to cause a denial of service (infinite loop) via a certain message.
Vulnerability category: Denial of service
Products affected by CVE-2008-2382
- cpe:2.3:a:qemu:qemu:*:*:*:*:*:*:*:*
- cpe:2.3:a:qemu:qemu:0.8.2:*:*:*:*:*:*:*
- cpe:2.3:a:qemu:qemu:0.9.0:*:*:*:*:*:*:*
- cpe:2.3:a:qemu:qemu:0.1.4:*:*:*:*:*:*:*
- cpe:2.3:a:qemu:qemu:0.1.5:*:*:*:*:*:*:*
- cpe:2.3:a:qemu:qemu:0.4.3:*:*:*:*:*:*:*
- cpe:2.3:a:qemu:qemu:0.5.0:*:*:*:*:*:*:*
- cpe:2.3:a:qemu:qemu:0.6.1:*:*:*:*:*:*:*
- cpe:2.3:a:qemu:qemu:0.7.0:*:*:*:*:*:*:*
- cpe:2.3:a:qemu:qemu:0.1.6:*:*:*:*:*:*:*
- cpe:2.3:a:qemu:qemu:0.2.0:*:*:*:*:*:*:*
- cpe:2.3:a:qemu:qemu:0.5.1:*:*:*:*:*:*:*
- cpe:2.3:a:qemu:qemu:0.5.2:*:*:*:*:*:*:*
- cpe:2.3:a:qemu:qemu:0.7.1:*:*:*:*:*:*:*
- cpe:2.3:a:qemu:qemu:0.7.2:*:*:*:*:*:*:*
- cpe:2.3:a:qemu:qemu:0.8.0:*:*:*:*:*:*:*
- cpe:2.3:a:qemu:qemu:0.1.2:*:*:*:*:*:*:*
- cpe:2.3:a:qemu:qemu:0.1.3:*:*:*:*:*:*:*
- cpe:2.3:a:qemu:qemu:0.4.1:*:*:*:*:*:*:*
- cpe:2.3:a:qemu:qemu:0.4.2:*:*:*:*:*:*:*
- cpe:2.3:a:qemu:qemu:0.5.5:*:*:*:*:*:*:*
- cpe:2.3:a:qemu:qemu:0.6.0:*:*:*:*:*:*:*
- cpe:2.3:a:qemu:qemu:0.1.0:*:*:*:*:*:*:*
- cpe:2.3:a:qemu:qemu:0.1.1:*:*:*:*:*:*:*
- cpe:2.3:a:qemu:qemu:0.3.0:*:*:*:*:*:*:*
- cpe:2.3:a:qemu:qemu:0.4.0:*:*:*:*:*:*:*
- cpe:2.3:a:qemu:qemu:0.5.3:*:*:*:*:*:*:*
- cpe:2.3:a:qemu:qemu:0.5.4:*:*:*:*:*:*:*
- cpe:2.3:a:qemu:qemu:0.8.1:*:*:*:*:*:*:*
- cpe:2.3:a:kvm_qumranet:kvm:*:*:*:*:*:*:*:*
- cpe:2.3:a:kvm_qumranet:kvm:73:*:*:*:*:*:*:*
- cpe:2.3:a:kvm_qumranet:kvm:78:*:*:*:*:*:*:*
- cpe:2.3:a:kvm_qumranet:kvm:71:*:*:*:*:*:*:*
- cpe:2.3:a:kvm_qumranet:kvm:70:*:*:*:*:*:*:*
- cpe:2.3:a:kvm_qumranet:kvm:62:*:*:*:*:*:*:*
- cpe:2.3:a:kvm_qumranet:kvm:61:*:*:*:*:*:*:*
- cpe:2.3:a:kvm_qumranet:kvm:54:*:*:*:*:*:*:*
- cpe:2.3:a:kvm_qumranet:kvm:53:*:*:*:*:*:*:*
- cpe:2.3:a:kvm_qumranet:kvm:46:*:*:*:*:*:*:*
- cpe:2.3:a:kvm_qumranet:kvm:75:*:*:*:*:*:*:*
- cpe:2.3:a:kvm_qumranet:kvm:74:*:*:*:*:*:*:*
- cpe:2.3:a:kvm_qumranet:kvm:67:*:*:*:*:*:*:*
- cpe:2.3:a:kvm_qumranet:kvm:66:*:*:*:*:*:*:*
- cpe:2.3:a:kvm_qumranet:kvm:58:*:*:*:*:*:*:*
- cpe:2.3:a:kvm_qumranet:kvm:57:*:*:*:*:*:*:*
- cpe:2.3:a:kvm_qumranet:kvm:50:*:*:*:*:*:*:*
- cpe:2.3:a:kvm_qumranet:kvm:49:*:*:*:*:*:*:*
- cpe:2.3:a:kvm_qumranet:kvm:42:*:*:*:*:*:*:*
- cpe:2.3:a:kvm_qumranet:kvm:41:*:*:*:*:*:*:*
- cpe:2.3:a:kvm_qumranet:kvm:40:*:*:*:*:*:*:*
- cpe:2.3:a:kvm_qumranet:kvm:33:*:*:*:*:*:*:*
- cpe:2.3:a:kvm_qumranet:kvm:32:*:*:*:*:*:*:*
- cpe:2.3:a:kvm_qumranet:kvm:25:*:*:*:*:*:*:*
- cpe:2.3:a:kvm_qumranet:kvm:24:*:*:*:*:*:*:*
- cpe:2.3:a:kvm_qumranet:kvm:16:*:*:*:*:*:*:*
- cpe:2.3:a:kvm_qumranet:kvm:15:*:*:*:*:*:*:*
- cpe:2.3:a:kvm_qumranet:kvm:8:*:*:*:*:*:*:*
- cpe:2.3:a:kvm_qumranet:kvm:7:*:*:*:*:*:*:*
- cpe:2.3:a:kvm_qumranet:kvm:45:*:*:*:*:*:*:*
- cpe:2.3:a:kvm_qumranet:kvm:37:*:*:*:*:*:*:*
- cpe:2.3:a:kvm_qumranet:kvm:36:*:*:*:*:*:*:*
- cpe:2.3:a:kvm_qumranet:kvm:29:*:*:*:*:*:*:*
- cpe:2.3:a:kvm_qumranet:kvm:28:*:*:*:*:*:*:*
- cpe:2.3:a:kvm_qumranet:kvm:21:*:*:*:*:*:*:*
- cpe:2.3:a:kvm_qumranet:kvm:20:*:*:*:*:*:*:*
- cpe:2.3:a:kvm_qumranet:kvm:12:*:*:*:*:*:*:*
- cpe:2.3:a:kvm_qumranet:kvm:11:*:*:*:*:*:*:*
- cpe:2.3:a:kvm_qumranet:kvm:4:*:*:*:*:*:*:*
- cpe:2.3:a:kvm_qumranet:kvm:3:*:*:*:*:*:*:*
- cpe:2.3:a:kvm_qumranet:kvm:77:*:*:*:*:*:*:*
- cpe:2.3:a:kvm_qumranet:kvm:76:*:*:*:*:*:*:*
- cpe:2.3:a:kvm_qumranet:kvm:69:*:*:*:*:*:*:*
- cpe:2.3:a:kvm_qumranet:kvm:68:*:*:*:*:*:*:*
- cpe:2.3:a:kvm_qumranet:kvm:60:*:*:*:*:*:*:*
- cpe:2.3:a:kvm_qumranet:kvm:59:*:*:*:*:*:*:*
- cpe:2.3:a:kvm_qumranet:kvm:52:*:*:*:*:*:*:*
- cpe:2.3:a:kvm_qumranet:kvm:51:*:*:*:*:*:*:*
- cpe:2.3:a:kvm_qumranet:kvm:44:*:*:*:*:*:*:*
- cpe:2.3:a:kvm_qumranet:kvm:43:*:*:*:*:*:*:*
- cpe:2.3:a:kvm_qumranet:kvm:35:*:*:*:*:*:*:*
- cpe:2.3:a:kvm_qumranet:kvm:34:*:*:*:*:*:*:*
- cpe:2.3:a:kvm_qumranet:kvm:27:*:*:*:*:*:*:*
- cpe:2.3:a:kvm_qumranet:kvm:26:*:*:*:*:*:*:*
- cpe:2.3:a:kvm_qumranet:kvm:19:*:*:*:*:*:*:*
- cpe:2.3:a:kvm_qumranet:kvm:18:*:*:*:*:*:*:*
- cpe:2.3:a:kvm_qumranet:kvm:17:*:*:*:*:*:*:*
- cpe:2.3:a:kvm_qumranet:kvm:10:*:*:*:*:*:*:*
- cpe:2.3:a:kvm_qumranet:kvm:9:*:*:*:*:*:*:*
- cpe:2.3:a:kvm_qumranet:kvm:2:*:*:*:*:*:*:*
- cpe:2.3:a:kvm_qumranet:kvm:1:*:*:*:*:*:*:*
- cpe:2.3:a:kvm_qumranet:kvm:72:*:*:*:*:*:*:*
- cpe:2.3:a:kvm_qumranet:kvm:65:*:*:*:*:*:*:*
- cpe:2.3:a:kvm_qumranet:kvm:64:*:*:*:*:*:*:*
- cpe:2.3:a:kvm_qumranet:kvm:63:*:*:*:*:*:*:*
- cpe:2.3:a:kvm_qumranet:kvm:56:*:*:*:*:*:*:*
- cpe:2.3:a:kvm_qumranet:kvm:55:*:*:*:*:*:*:*
- cpe:2.3:a:kvm_qumranet:kvm:48:*:*:*:*:*:*:*
- cpe:2.3:a:kvm_qumranet:kvm:47:*:*:*:*:*:*:*
- cpe:2.3:a:kvm_qumranet:kvm:39:*:*:*:*:*:*:*
- cpe:2.3:a:kvm_qumranet:kvm:38:*:*:*:*:*:*:*
- cpe:2.3:a:kvm_qumranet:kvm:31:*:*:*:*:*:*:*
- cpe:2.3:a:kvm_qumranet:kvm:30:*:*:*:*:*:*:*
- cpe:2.3:a:kvm_qumranet:kvm:23:*:*:*:*:*:*:*
- cpe:2.3:a:kvm_qumranet:kvm:22:*:*:*:*:*:*:*
- cpe:2.3:a:kvm_qumranet:kvm:14:*:*:*:*:*:*:*
- cpe:2.3:a:kvm_qumranet:kvm:13:*:*:*:*:*:*:*
- cpe:2.3:a:kvm_qumranet:kvm:6:*:*:*:*:*:*:*
- cpe:2.3:a:kvm_qumranet:kvm:5:*:*:*:*:*:*:*
Exploit prediction scoring system (EPSS) score for CVE-2008-2382
8.83%: probability of exploitation activity in the next 30 days
~95%: percentile, the proportion of vulnerabilities that are scored at or less
CVSS scores for CVE-2008-2382
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
---|---|---|---|---|---|---|
5.0 | MEDIUM | AV:N/AC:L/Au:N/C:N/I:N/A:P | 10.0 | 2.9 | NIST | |
CWE ids for CVE-2008-2382
-
Assigned by: nvd@nist.gov (Primary)
Vendor statements for CVE-2008-2382
- Red Hat, 2009-01-05: Not vulnerable. This issue did not affect the version of the Xen package as shipped with Red Hat Enterprise Linux 5.
References for CVE-2008-2382
- http://www.vupen.com/english/advisories/2008/3489
- https://exchange.xforce.ibmcloud.com/vulnerabilities/47561
  QEMU and KVM protocol_client_msg() denial of service CVE-2008-2382 Vulnerability Report
- http://lists.opensuse.org/opensuse-security-announce/2009-04/msg00003.html
  [security-announce] SUSE Security Summary Report: SUSE-SR:2009:008 - openSUSE Security Announce - openSUSE Mailing Lists
- http://securitytracker.com/id?1021488
- http://securitytracker.com/id?1021489
  Tagged: Exploit
- http://www.vupen.com/english/advisories/2008/3488
- http://lists.opensuse.org/opensuse-security-announce/2009-01/msg00004.html
  [security-announce] SUSE Security Summary Report: SUSE-SR:2009:002 - openSUSE Security Announce - openSUSE Mailing Lists
- https://www.redhat.com/archives/fedora-package-announce/2008-December/msg01223.html
  [SECURITY] Fedora 9 Update: kvm-65-15.fc9
- http://www.securityfocus.com/bid/32910
  Tagged: Exploit
- http://securityreason.com/securityalert/4803
  CORE-2008-1210: Qemu and KVM VNC server remote DoS - CXSecurity.com
- http://www.securityfocus.com/archive/1/499502/100/0/threaded
- http://www.coresecurity.com/content/vnc-remote-dos
  Qemu and KVM VNC Server Remote DoS | CoreLabs Advisories
- http://www.ubuntu.com/usn/usn-776-1
  USN-776-1: KVM vulnerabilities | Ubuntu security notices | Ubuntu