ByteOS Network

Vulnerability Details :

CVE-2007-5938

Assigner-mitre

Assigner Org ID-8254265b-2729-46b6-b9e3-3dfca2d5bfca

Published At-06 Dec, 2007 | 15:00

Updated At-07 Aug, 2024 | 15:47

The iwl_set_rate function in compatible/iwl3945-base.c in iwlwifi 1.1.21 and earlier dereferences an iwl_get_hw_mode return value without checking for NULL, which might allow remote attackers to cause a denial of service (kernel panic) via unspecified vectors during module initialization.

EPSS History

Score

Latest Score

N/A

Percentile

Latest Percentile

N/A

▼Common Vulnerabilities and Exposures (CVE)

cve.org

Assigner:mitre

Assigner Org ID:8254265b-2729-46b6-b9e3-3dfca2d5bfca

Published At:06 Dec, 2007 | 15:00

Updated At:07 Aug, 2024 | 15:47

▼CVE Numbering Authority (CNA)

Affected Products

Vendor

n/a

Product

n/a

Versions

Affected

Problem Types

Type	CWE ID	Description
text	N/A	n/a

Type: text

CWE ID: N/A

Description: n/a

References

Hyperlink	Resource
http://bugs.gentoo.org/show_bug.cgi?id=199209	x_refsource_CONFIRM
http://www.redhat.com/support/errata/RHSA-2008-0154.html	vendor-advisory x_refsource_REDHAT
http://osvdb.org/44749	vdb-entry x_refsource_OSVDB
http://www.vupen.com/english/advisories/2007/4211	vdb-entry x_refsource_VUPEN
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10787	vdb-entry signature x_refsource_OVAL
http://secunia.com/advisories/29236	third-party-advisory x_refsource_SECUNIA
http://www.securityfocus.com/bid/26842	vdb-entry x_refsource_BID
http://article.gmane.org/gmane.linux.drivers.ipw3945.devel/1618	x_refsource_MISC
http://www.intellinuxwireless.org/repos/?p=iwlwifi.git%3Ba=commitdiff%3Bh=25db44d4cdfe31d59223d74cb577f4a71aff1a40	x_refsource_CONFIRM

Hyperlink: http://bugs.gentoo.org/show_bug.cgi?id=199209

Resource:

x_refsource_CONFIRM

Hyperlink: http://www.redhat.com/support/errata/RHSA-2008-0154.html

Resource:

vendor-advisory

x_refsource_REDHAT

Hyperlink: http://osvdb.org/44749

Resource:

vdb-entry

x_refsource_OSVDB

Hyperlink: http://www.vupen.com/english/advisories/2007/4211

Resource:

vdb-entry

x_refsource_VUPEN

Hyperlink: https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10787

Resource:

vdb-entry

signature

x_refsource_OVAL

Hyperlink: http://secunia.com/advisories/29236

Resource:

third-party-advisory

x_refsource_SECUNIA

Hyperlink: http://www.securityfocus.com/bid/26842

Resource:

vdb-entry

x_refsource_BID

Hyperlink: http://article.gmane.org/gmane.linux.drivers.ipw3945.devel/1618

Resource:

x_refsource_MISC

Hyperlink: http://www.intellinuxwireless.org/repos/?p=iwlwifi.git%3Ba=commitdiff%3Bh=25db44d4cdfe31d59223d74cb577f4a71aff1a40

Resource:

x_refsource_CONFIRM

▼Authorized Data Publishers (ADP)

CVE Program Container

References

Hyperlink	Resource
http://bugs.gentoo.org/show_bug.cgi?id=199209	x_refsource_CONFIRM x_transferred
http://www.redhat.com/support/errata/RHSA-2008-0154.html	vendor-advisory x_refsource_REDHAT x_transferred
http://osvdb.org/44749	vdb-entry x_refsource_OSVDB x_transferred
http://www.vupen.com/english/advisories/2007/4211	vdb-entry x_refsource_VUPEN x_transferred
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10787	vdb-entry signature x_refsource_OVAL x_transferred
http://secunia.com/advisories/29236	third-party-advisory x_refsource_SECUNIA x_transferred
http://www.securityfocus.com/bid/26842	vdb-entry x_refsource_BID x_transferred
http://article.gmane.org/gmane.linux.drivers.ipw3945.devel/1618	x_refsource_MISC x_transferred
http://www.intellinuxwireless.org/repos/?p=iwlwifi.git%3Ba=commitdiff%3Bh=25db44d4cdfe31d59223d74cb577f4a71aff1a40	x_refsource_CONFIRM x_transferred

Hyperlink: http://bugs.gentoo.org/show_bug.cgi?id=199209

Resource:

x_refsource_CONFIRM

x_transferred

Hyperlink: http://www.redhat.com/support/errata/RHSA-2008-0154.html

Resource:

vendor-advisory

x_refsource_REDHAT

x_transferred

Hyperlink: http://osvdb.org/44749

Resource:

vdb-entry

x_refsource_OSVDB

x_transferred

Hyperlink: http://www.vupen.com/english/advisories/2007/4211

Resource:

vdb-entry

x_refsource_VUPEN

x_transferred

Hyperlink: https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10787

Resource:

vdb-entry

signature

x_refsource_OVAL

x_transferred

Hyperlink: http://secunia.com/advisories/29236

Resource:

third-party-advisory

x_refsource_SECUNIA

x_transferred

Hyperlink: http://www.securityfocus.com/bid/26842

Resource:

vdb-entry

x_refsource_BID

x_transferred

Hyperlink: http://article.gmane.org/gmane.linux.drivers.ipw3945.devel/1618

Resource:

x_refsource_MISC

x_transferred

Hyperlink: http://www.intellinuxwireless.org/repos/?p=iwlwifi.git%3Ba=commitdiff%3Bh=25db44d4cdfe31d59223d74cb577f4a71aff1a40

Resource:

x_refsource_CONFIRM

x_transferred

▼National Vulnerability Database (NVD)

nvd.nist.gov

Source:cve@mitre.org

Published At:06 Dec, 2007 | 15:46

Updated At:07 Nov, 2023 | 02:01

Date Added	Due Date	Vulnerability Name	Required Action
	N/A

Metrics

Type	Version	Base score	Base severity	Vector
Primary	2.0	5.0	MEDIUM	AV:N/AC:L/Au:N/C:N/I:N/A:P

Type: Primary

Version: 2.0

Base score: 5.0

Base severity: MEDIUM

Vector:

AV:N/AC:L/Au:N/C:N/I:N/A:P

CPE Matches

Intel Corporation

>>pro_wireless_3945abg>>1.1.21

cpe:2.3:h:intel:pro_wireless_3945abg:1.1.21:*:*:*:*:*:*:*

Intel Corporation

>>wireless_wifi_link_4965agn>>1.1.21

cpe:2.3:h:intel:wireless_wifi_link_4965agn:1.1.21:*:*:*:*:*:*:*

Weaknesses

CWE ID	Type	Source
CWE-189	Primary	nvd@nist.gov

CWE ID: CWE-189

Type: Primary

Source: nvd@nist.gov

References

Hyperlink	Source	Resource
http://article.gmane.org/gmane.linux.drivers.ipw3945.devel/1618	cve@mitre.org	N/A
http://bugs.gentoo.org/show_bug.cgi?id=199209	cve@mitre.org	Exploit
http://osvdb.org/44749	cve@mitre.org	N/A
http://secunia.com/advisories/29236	cve@mitre.org	N/A
http://www.intellinuxwireless.org/repos/?p=iwlwifi.git%3Ba=commitdiff%3Bh=25db44d4cdfe31d59223d74cb577f4a71aff1a40	cve@mitre.org	N/A
http://www.redhat.com/support/errata/RHSA-2008-0154.html	cve@mitre.org	N/A
http://www.securityfocus.com/bid/26842	cve@mitre.org	N/A
http://www.vupen.com/english/advisories/2007/4211	cve@mitre.org	N/A
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10787	cve@mitre.org	N/A

Hyperlink: http://article.gmane.org/gmane.linux.drivers.ipw3945.devel/1618

Source: cve@mitre.org

Resource: N/A

Hyperlink: http://bugs.gentoo.org/show_bug.cgi?id=199209

Source: cve@mitre.org

Resource:

Exploit

Hyperlink: http://osvdb.org/44749

Source: cve@mitre.org

Resource: N/A

Hyperlink: http://secunia.com/advisories/29236

Source: cve@mitre.org

Resource: N/A

Hyperlink: http://www.intellinuxwireless.org/repos/?p=iwlwifi.git%3Ba=commitdiff%3Bh=25db44d4cdfe31d59223d74cb577f4a71aff1a40

Source: cve@mitre.org

Resource: N/A

Hyperlink: http://www.redhat.com/support/errata/RHSA-2008-0154.html

Source: cve@mitre.org

Resource: N/A

Hyperlink: http://www.securityfocus.com/bid/26842

Source: cve@mitre.org

Resource: N/A

Hyperlink: http://www.vupen.com/english/advisories/2007/4211

Source: cve@mitre.org

Resource: N/A

Hyperlink: https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10787

Source: cve@mitre.org

Resource: N/A

Similar CVEs

58Records found

CVE-2007-5300

Matching Score-4

Assigner-MITRE Corporation

View Details

Matching Score-4

Assigner-MITRE Corporation

CVSS Score-5||MEDIUM

EPSS-14.10% / 94.10%

7 Day CHG~0.00%

Published-09 Oct, 2007 | 18:00

Updated-07 Aug, 2024 | 15:24

Off-by-one error in the do_login_loop function in libwzd-core/wzd_login.c in wzdftpd 0.8.0, 0.8.2, and possibly other versions allows remote attackers to cause a denial of service (daemon crash) via a long USER command that triggers a stack-based buffer overflow. NOTE: some of these details are obtained from third party information.

Vendor-wzdftpd n/a

Product-wzdftpd n/a

CWE ID-CWE-119

Improper Restriction of Operations within the Bounds of a Memory Buffer

CWE ID-CWE-189

Not Available

CVE-2007-5030

Matching Score-4

Assigner-MITRE Corporation

View Details

Matching Score-4

Assigner-MITRE Corporation

CVSS Score-5||MEDIUM

EPSS-1.19% / 78.00%

7 Day CHG~0.00%

Published-21 Sep, 2007 | 18:00

Updated-07 Aug, 2024 | 15:17

Multiple integer overflows in Dibbler 0.6.0 allow remote attackers to cause a denial of service (daemon crash) via packets containing options with large lengths, which trigger attempts at excessive memory allocation, as demonstrated by (1) the TSrvMsg constructor in SrvMessages/SrvMsg.cpp; the (2) TClntMsg, (3) TClntOptIAAddress, (4) TClntOptIAPrefix, (5) TOptVendorSpecInfo, and (6) TOptOptionRequest constructors; and the (7) TRelIfaceMgr::decodeRelayRepl, (8) TRelMsg::decodeOpts, and (9) TSrvIfaceMgr::decodeRelayForw methods.

Vendor-dibbler n/a

Product-dibbler n/a

CWE ID-CWE-189

Not Available

CVE-2007-5029

Matching Score-4

Assigner-MITRE Corporation

View Details

Matching Score-4

Assigner-MITRE Corporation

CVSS Score-5||MEDIUM

EPSS-1.36% / 79.42%

7 Day CHG~0.00%

Published-21 Sep, 2007 | 18:00

Updated-07 Aug, 2024 | 15:17

Dibbler 0.6.0 does not verify that certain length parameters are appropriate for buffer sizes, which allows remote attackers to trigger a buffer over-read and cause a denial of service (daemon crash), as demonstrated by incorrect behavior of the TSrvMsg constructor in SrvMessages/SrvMsg.cpp when (1) reading the option code and option length and (2) parsing options.

Vendor-dibbler n/a

Product-dibbler n/a

CWE ID-CWE-119

Improper Restriction of Operations within the Bounds of a Memory Buffer

CWE ID-CWE-189

Not Available

CWE ID-CWE-20

Improper Input Validation

CVE-2019-11837

Matching Score-4

Assigner-MITRE Corporation

View Details

Matching Score-4

Assigner-MITRE Corporation

CVSS Score-7.5||HIGH

EPSS-0.28% / 51.32%

7 Day CHG~0.00%

Published-09 May, 2019 | 13:07

Updated-04 Aug, 2024 | 23:03

njs through 0.3.1, used in NGINX, has a segmentation fault in String.prototype.toBytes for negative arguments, related to nxt_utf8_next in nxt/nxt_utf8.h and njs_string_offset in njs/njs_string.c.

Vendor-n/a F5, Inc.

Product-njs n/a

CWE ID-CWE-189

Not Available

CVE-2009-2547

Matching Score-4

Assigner-MITRE Corporation

View Details

Matching Score-4

Assigner-MITRE Corporation

CVSS Score-5||MEDIUM

EPSS-0.61% / 68.90%

7 Day CHG~0.00%

Published-20 Jul, 2009 | 19:25

Updated-07 Aug, 2024 | 05:52

Integer underflow in Armed Assault (aka ArmA) 1.14 and earlier, and 1.16 beta, and Armed Assault II 1.02 and earlier allows remote attackers to cause a denial of service (crash) via a VoIP over Network (VON) packet to port 2305 with a negative packet_size value, which triggers a buffer over-read.

Vendor-bistudio n/a

Product-arma_2 arma n/a

CWE ID-CWE-189

Not Available

CVE-2008-7013

Matching Score-4

Assigner-MITRE Corporation

View Details

Matching Score-4

Assigner-MITRE Corporation

CVSS Score-5||MEDIUM

EPSS-0.30% / 53.20%

7 Day CHG~0.00%

Published-19 Aug, 2009 | 10:00

Updated-07 Aug, 2024 | 11:49

NetService.dll in Baidu Hi IM allows remote servers to cause a denial of service (client crash) via a crafted login response that triggers a divide-by-zero error.

Vendor-baidu n/a

Product-baidu_hi_im n/a

CWE ID-CWE-189

Not Available

CVE-2008-6680

Matching Score-4

Assigner-MITRE Corporation

View Details

Matching Score-4

Assigner-MITRE Corporation

CVSS Score-5||MEDIUM

EPSS-6.09% / 90.40%

7 Day CHG~0.00%

Published-08 Apr, 2009 | 16:00

Updated-07 Aug, 2024 | 11:41

libclamav/pe.c in ClamAV before 0.95 allows remote attackers to cause a denial of service (crash) via a crafted EXE file that triggers a divide-by-zero error.

Vendor-n/a ClamAV

Product-clamav n/a

CWE ID-CWE-189

Not Available

CVE-2008-3950

Matching Score-4

Assigner-MITRE Corporation

View Details

Matching Score-4

Assigner-MITRE Corporation

CVSS Score-5||MEDIUM

EPSS-4.15% / 88.21%

7 Day CHG~0.00%

Published-16 Sep, 2008 | 23:00

Updated-07 Aug, 2024 | 10:00

Off-by-one error in the _web_drawInRect:withFont:ellipsis:alignment:measureOnly function in WebKit in Safari in Apple iPhone 1.1.4 and 2.0 and iPod touch 1.1.4 and 2.0 allows remote attackers to cause a denial of service (browser crash) via a JavaScript alert call with an argument that lacks breakable characters and has a length that is a multiple of the memory page size, leading to an out-of-bounds read.

Vendor-n/a Apple Inc.

Product-safari iphone ipod_touch n/a

CWE ID-CWE-189

Not Available

CVE-2007-5938

Credits

Vendors

Products

Metrics (CVSS)

Weaknesses

Attack Patterns

Solution/Workaround

References

EPSS History

Score

Latest Score

N/A

Percentile

Latest Percentile

N/A

Stakeholder-Specific Vulnerability Categorization (SSVC)

Affected Products

Affected

Problem Types

Metrics

Metrics Other Info

Impacts

Solutions

Configurations

Workarounds

Exploits

Credits

Timeline

Replaced By

Rejected Reason

References

Affected Products

Metrics

Metrics Other Info

Impacts

Solutions

Configurations

Workarounds

Exploits

Credits

Timeline

Replaced By

Rejected Reason

References

CISA Catalog

Metrics

CPE Matches

Weaknesses

Evaluator Description

Evaluator Impact

Evaluator Solution

Vendor Statements

References

Change History

Similar CVEs