Vulnerability Details : CVE-2008-5714
Off-by-one error in monitor.c in Qemu 0.9.1 might make it easier for remote attackers to guess the VNC password, which is limited to seven characters where eight was intended.
Exploit prediction scoring system (EPSS) score for CVE-2008-5714
Probability of exploitation activity in the next 30 days: 0.67%
Percentile, the proportion of vulnerabilities that are scored at or less: ~77%
CVSS scores for CVE-2008-5714
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source |
---|---|---|---|---|---|
7.8 | HIGH | AV:N/AC:L/Au:N/C:C/I:N/A:N | 10.0 | 6.9 | NIST |
CWE ids for CVE-2008-5714
-
Assigned by: nvd@nist.gov (Primary)
Vendor statements for CVE-2008-5714
- Red Hat, 2009-02-26: Not vulnerable. This issue did not affect the versions of Xen as shipped with Red Hat Enterprise Linux 5.
- http://lists.opensuse.org/opensuse-security-announce/2009-04/msg00003.html ([security-announce] SUSE Security Summary Report: SUSE-SR:2009:008 - openSUSE Security Announce - openSUSE Mailing Lists)
- https://exchange.xforce.ibmcloud.com/vulnerabilities/47683
- http://lists.gnu.org/archive/html/qemu-devel/2008-12/msg00498.html
- http://lists.opensuse.org/opensuse-security-announce/2009-01/msg00004.html
- http://svn.savannah.gnu.org/viewvc/?view=rev&root=qemu&revision=5966
- http://www.securityfocus.com/bid/33020
- http://svn.savannah.gnu.org/viewvc/trunk/monitor.c?root=qemu&r1=5966&r2=5965&pathrev=5966
- http://www.ubuntu.com/usn/usn-776-1
- http://lists.gnu.org/archive/html/qemu-devel/2008-11/msg01224.html
- cpe:2.3:a:qemu:qemu:0.9.1:*:*:*:*:*:*:*