ByteOS Network

Vulnerability Details :

CVE-2008-6393

Assigner-mitre

Assigner Org ID-8254265b-2729-46b6-b9e3-3dfca2d5bfca

Published At-03 Mar, 2009 | 16:00

Updated At-07 Aug, 2024 | 11:27

PSI Jabber client before 0.12.1 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a file transfer request with a negative value in a SOCKS5 option, which bypasses a signed integer check and triggers an integer overflow and a heap-based buffer overflow.

EPSS History

Score

Latest Score

N/A

Percentile

Latest Percentile

N/A

▼Common Vulnerabilities and Exposures (CVE)

cve.org

Assigner:mitre

Assigner Org ID:8254265b-2729-46b6-b9e3-3dfca2d5bfca

Published At:03 Mar, 2009 | 16:00

Updated At:07 Aug, 2024 | 11:27

▼CVE Numbering Authority (CNA)

Affected Products

Vendor

n/a

Product

n/a

Versions

Affected

Problem Types

Type	CWE ID	Description
text	N/A	n/a

Type: text

CWE ID: N/A

Description: n/a

References

Hyperlink	Resource
http://secunia.com/advisories/34259	third-party-advisory x_refsource_SECUNIA
http://bugs.gentoo.org/show_bug.cgi?id=252830	x_refsource_CONFIRM
http://secunia.com/advisories/34301	third-party-advisory x_refsource_SECUNIA
https://www.exploit-db.com/exploits/7555	exploit x_refsource_EXPLOIT-DB
http://www.securityfocus.com/archive/1/499563	mailing-list x_refsource_BUGTRAQ
http://lists.opensuse.org/opensuse-security-announce/2009-03/msg00001.html	vendor-advisory x_refsource_SUSE
https://www.redhat.com/archives/fedora-package-announce/2009-March/msg00071.html	vendor-advisory x_refsource_FEDORA
http://www.openwall.com/lists/oss-security/2009/02/25/5	mailing-list x_refsource_MLIST
http://jolmos.blogspot.com/2008/12/psi-remote-integer-overflow.html	x_refsource_MISC
http://sourceforge.net/project/shownotes.php?release_id=658912	x_refsource_CONFIRM
http://secunia.com/advisories/33311	third-party-advisory x_refsource_SECUNIA
https://www.redhat.com/archives/fedora-package-announce/2009-March/msg00080.html	vendor-advisory x_refsource_FEDORA
http://www.debian.org/security/2009/dsa-1741	vendor-advisory x_refsource_DEBIAN
http://secunia.com/advisories/34119	third-party-advisory x_refsource_SECUNIA

Hyperlink: http://secunia.com/advisories/34259

Resource:

third-party-advisory

x_refsource_SECUNIA

Hyperlink: http://bugs.gentoo.org/show_bug.cgi?id=252830

Resource:

x_refsource_CONFIRM

Hyperlink: http://secunia.com/advisories/34301

Resource:

third-party-advisory

x_refsource_SECUNIA

Hyperlink: https://www.exploit-db.com/exploits/7555

Resource:

exploit

x_refsource_EXPLOIT-DB

Hyperlink: http://www.securityfocus.com/archive/1/499563

Resource:

mailing-list

x_refsource_BUGTRAQ

Hyperlink: http://lists.opensuse.org/opensuse-security-announce/2009-03/msg00001.html

Resource:

vendor-advisory

x_refsource_SUSE

Hyperlink: https://www.redhat.com/archives/fedora-package-announce/2009-March/msg00071.html

Resource:

vendor-advisory

x_refsource_FEDORA

Hyperlink: http://www.openwall.com/lists/oss-security/2009/02/25/5

Resource:

mailing-list

x_refsource_MLIST

Hyperlink: http://jolmos.blogspot.com/2008/12/psi-remote-integer-overflow.html

Resource:

x_refsource_MISC

Hyperlink: http://sourceforge.net/project/shownotes.php?release_id=658912

Resource:

x_refsource_CONFIRM

Hyperlink: http://secunia.com/advisories/33311

Resource:

third-party-advisory

x_refsource_SECUNIA

Hyperlink: https://www.redhat.com/archives/fedora-package-announce/2009-March/msg00080.html

Resource:

vendor-advisory

x_refsource_FEDORA

Hyperlink: http://www.debian.org/security/2009/dsa-1741

Resource:

vendor-advisory

x_refsource_DEBIAN

Hyperlink: http://secunia.com/advisories/34119

Resource:

third-party-advisory

x_refsource_SECUNIA

▼Authorized Data Publishers (ADP)

CVE Program Container

References

Hyperlink	Resource
http://secunia.com/advisories/34259	third-party-advisory x_refsource_SECUNIA x_transferred
http://bugs.gentoo.org/show_bug.cgi?id=252830	x_refsource_CONFIRM x_transferred
http://secunia.com/advisories/34301	third-party-advisory x_refsource_SECUNIA x_transferred
https://www.exploit-db.com/exploits/7555	exploit x_refsource_EXPLOIT-DB x_transferred
http://www.securityfocus.com/archive/1/499563	mailing-list x_refsource_BUGTRAQ x_transferred
http://lists.opensuse.org/opensuse-security-announce/2009-03/msg00001.html	vendor-advisory x_refsource_SUSE x_transferred
https://www.redhat.com/archives/fedora-package-announce/2009-March/msg00071.html	vendor-advisory x_refsource_FEDORA x_transferred
http://www.openwall.com/lists/oss-security/2009/02/25/5	mailing-list x_refsource_MLIST x_transferred
http://jolmos.blogspot.com/2008/12/psi-remote-integer-overflow.html	x_refsource_MISC x_transferred
http://sourceforge.net/project/shownotes.php?release_id=658912	x_refsource_CONFIRM x_transferred
http://secunia.com/advisories/33311	third-party-advisory x_refsource_SECUNIA x_transferred
https://www.redhat.com/archives/fedora-package-announce/2009-March/msg00080.html	vendor-advisory x_refsource_FEDORA x_transferred
http://www.debian.org/security/2009/dsa-1741	vendor-advisory x_refsource_DEBIAN x_transferred
http://secunia.com/advisories/34119	third-party-advisory x_refsource_SECUNIA x_transferred

Hyperlink: http://secunia.com/advisories/34259

Resource:

third-party-advisory

x_refsource_SECUNIA

x_transferred

Hyperlink: http://bugs.gentoo.org/show_bug.cgi?id=252830

Resource:

x_refsource_CONFIRM

x_transferred

Hyperlink: http://secunia.com/advisories/34301

Resource:

third-party-advisory

x_refsource_SECUNIA

x_transferred

Hyperlink: https://www.exploit-db.com/exploits/7555

Resource:

exploit

x_refsource_EXPLOIT-DB

x_transferred

Hyperlink: http://www.securityfocus.com/archive/1/499563

Resource:

mailing-list

x_refsource_BUGTRAQ

x_transferred

Hyperlink: http://lists.opensuse.org/opensuse-security-announce/2009-03/msg00001.html

Resource:

vendor-advisory

x_refsource_SUSE

x_transferred

Hyperlink: https://www.redhat.com/archives/fedora-package-announce/2009-March/msg00071.html

Resource:

vendor-advisory

x_refsource_FEDORA

x_transferred

Hyperlink: http://www.openwall.com/lists/oss-security/2009/02/25/5

Resource:

mailing-list

x_refsource_MLIST

x_transferred

Hyperlink: http://jolmos.blogspot.com/2008/12/psi-remote-integer-overflow.html

Resource:

x_refsource_MISC

x_transferred

Hyperlink: http://sourceforge.net/project/shownotes.php?release_id=658912

Resource:

x_refsource_CONFIRM

x_transferred

Hyperlink: http://secunia.com/advisories/33311

Resource:

third-party-advisory

x_refsource_SECUNIA

x_transferred

Hyperlink: https://www.redhat.com/archives/fedora-package-announce/2009-March/msg00080.html

Resource:

vendor-advisory

x_refsource_FEDORA

x_transferred

Hyperlink: http://www.debian.org/security/2009/dsa-1741

Resource:

vendor-advisory

x_refsource_DEBIAN

x_transferred

Hyperlink: http://secunia.com/advisories/34119

Resource:

third-party-advisory

x_refsource_SECUNIA

x_transferred

▼National Vulnerability Database (NVD)

nvd.nist.gov

Source:cve@mitre.org

Published At:03 Mar, 2009 | 16:30

Updated At:29 Sep, 2017 | 01:33

Date Added	Due Date	Vulnerability Name	Required Action
	N/A

Metrics

Type	Version	Base score	Base severity	Vector
Primary	2.0	10.0	HIGH	AV:N/AC:L/Au:N/C:C/I:C/A:C

Type: Primary

Version: 2.0

Base score: 10.0

Base severity: HIGH

Vector:

AV:N/AC:L/Au:N/C:C/I:C/A:C

CPE Matches

psi-im>>psi>>Versions up to 0.12(inclusive)

cpe:2.3:a:psi-im:psi:*:*:*:*:*:*:*:*

psi-im>>psi>>0.1.0

cpe:2.3:a:psi-im:psi:0.1.0:*:*:*:*:*:*:*

psi-im>>psi>>0.8.6

cpe:2.3:a:psi-im:psi:0.8.6:*:*:*:*:*:*:*

psi-im>>psi>>0.8.7

cpe:2.3:a:psi-im:psi:0.8.7:*:*:*:*:*:*:*

psi-im>>psi>>0.9

cpe:2.3:a:psi-im:psi:0.9:*:*:*:*:*:*:*

psi-im>>psi>>0.9.1

cpe:2.3:a:psi-im:psi:0.9.1:*:*:*:*:*:*:*

psi-im>>psi>>0.9.2

cpe:2.3:a:psi-im:psi:0.9.2:*:*:*:*:*:*:*

psi-im>>psi>>0.9.3

cpe:2.3:a:psi-im:psi:0.9.3:*:*:*:*:*:*:*

psi-im>>psi>>0.11

cpe:2.3:a:psi-im:psi:0.11:*:*:*:*:*:*:*

jabber>>jabber_client>>*

cpe:2.3:a:jabber:jabber_client:*:*:*:*:*:*:*:*

Weaknesses

CWE ID	Type	Source
CWE-189	Primary	nvd@nist.gov

CWE ID: CWE-189

Type: Primary

Source: nvd@nist.gov

References

Hyperlink	Source	Resource
http://bugs.gentoo.org/show_bug.cgi?id=252830	cve@mitre.org	Exploit
http://jolmos.blogspot.com/2008/12/psi-remote-integer-overflow.html	cve@mitre.org	N/A
http://lists.opensuse.org/opensuse-security-announce/2009-03/msg00001.html	cve@mitre.org	N/A
http://secunia.com/advisories/33311	cve@mitre.org	Vendor Advisory
http://secunia.com/advisories/34119	cve@mitre.org	N/A
http://secunia.com/advisories/34259	cve@mitre.org	N/A
http://secunia.com/advisories/34301	cve@mitre.org	N/A
http://sourceforge.net/project/shownotes.php?release_id=658912	cve@mitre.org	Patch
http://www.debian.org/security/2009/dsa-1741	cve@mitre.org	N/A
http://www.openwall.com/lists/oss-security/2009/02/25/5	cve@mitre.org	Exploit
http://www.securityfocus.com/archive/1/499563	cve@mitre.org	Exploit
https://www.exploit-db.com/exploits/7555	cve@mitre.org	N/A
https://www.redhat.com/archives/fedora-package-announce/2009-March/msg00071.html	cve@mitre.org	N/A
https://www.redhat.com/archives/fedora-package-announce/2009-March/msg00080.html	cve@mitre.org	N/A

Hyperlink: http://bugs.gentoo.org/show_bug.cgi?id=252830

Source: cve@mitre.org

Resource:

Exploit

Hyperlink: http://jolmos.blogspot.com/2008/12/psi-remote-integer-overflow.html

Source: cve@mitre.org

Resource: N/A

Hyperlink: http://lists.opensuse.org/opensuse-security-announce/2009-03/msg00001.html

Source: cve@mitre.org

Resource: N/A

Hyperlink: http://secunia.com/advisories/33311

Source: cve@mitre.org

Resource:

Vendor Advisory

Hyperlink: http://secunia.com/advisories/34119

Source: cve@mitre.org

Resource: N/A

Hyperlink: http://secunia.com/advisories/34259

Source: cve@mitre.org

Resource: N/A

Hyperlink: http://secunia.com/advisories/34301

Source: cve@mitre.org

Resource: N/A

Hyperlink: http://sourceforge.net/project/shownotes.php?release_id=658912

Source: cve@mitre.org

Resource:

Patch

Hyperlink: http://www.debian.org/security/2009/dsa-1741

Source: cve@mitre.org

Resource: N/A

Hyperlink: http://www.openwall.com/lists/oss-security/2009/02/25/5

Source: cve@mitre.org

Resource:

Exploit

Hyperlink: http://www.securityfocus.com/archive/1/499563

Source: cve@mitre.org

Resource:

Exploit

Hyperlink: https://www.exploit-db.com/exploits/7555

Source: cve@mitre.org

Resource: N/A

Hyperlink: https://www.redhat.com/archives/fedora-package-announce/2009-March/msg00071.html

Source: cve@mitre.org

Resource: N/A

Hyperlink: https://www.redhat.com/archives/fedora-package-announce/2009-March/msg00080.html

Source: cve@mitre.org

Resource: N/A

Similar CVEs

53Records found

CVE-2007-6355

Matching Score-4

Assigner-MITRE Corporation

View Details

Matching Score-4

Assigner-MITRE Corporation

CVSS Score-10||HIGH

EPSS-1.01% / 76.17%

7 Day CHG~0.00%

Published-18 Dec, 2007 | 20:00

Updated-07 Aug, 2024 | 16:02

Integer overflow in exiftags before 1.01 has unknown impact and attack vectors, resulting from a "field offset overflow" that triggers an "illegal memory access," a different vulnerability than CVE-2007-6354.

Vendor-aertherwide n/a

Product-exiftags n/a

CWE ID-CWE-189

Not Available

CVE-2007-6149

Matching Score-4

Assigner-MITRE Corporation

View Details

Matching Score-4

Assigner-MITRE Corporation

CVSS Score-10||HIGH

EPSS-31.10% / 96.59%

7 Day CHG~0.00%

Published-13 Feb, 2008 | 20:00

Updated-07 Aug, 2024 | 15:54

Multiple integer overflows in the Edge server in Adobe Flash Media Server 2 before 2.0.5, and Connect Enterprise Server 6 before SP3, allow remote attackers to execute arbitrary code via a Real Time Message Protocol (RTMP) message with a crafted integer field that is used for allocation.

Vendor-n/a Adobe Inc.

Product-connect_enterprise_server flash_media_server_2 n/a

CWE ID-CWE-189

Not Available

CVE-2008-1948

Matching Score-4

Assigner-Red Hat, Inc.

View Details

Matching Score-4

Assigner-Red Hat, Inc.

CVSS Score-10||HIGH

EPSS-23.88% / 95.80%

7 Day CHG~0.00%

Published-21 May, 2008 | 10:00

Updated-07 Aug, 2024 | 08:41

The _gnutls_server_name_recv_params function in lib/ext_server_name.c in libgnutls in gnutls-serv in GnuTLS before 2.2.4 does not properly calculate the number of Server Names in a TLS 1.0 Client Hello message during extension handling, which allows remote attackers to cause a denial of service (crash) or possibly execute arbitrary code via a zero value for the length of Server Names, which leads to a buffer overflow in session resumption data in the pack_security_parameters function, aka GNUTLS-SA-2008-1-1.

Vendor-n/a GNU

Product-gnutls n/a

CWE ID-CWE-189

Not Available

CVE-2008-6393

Credits

Vendors

Products

Metrics (CVSS)

Weaknesses

Attack Patterns

Solution/Workaround

References

EPSS History

Score

Latest Score

N/A

Percentile

Latest Percentile

N/A

Stakeholder-Specific Vulnerability Categorization (SSVC)

Affected Products

Affected

Problem Types

Metrics

Metrics Other Info

Impacts

Solutions

Configurations

Workarounds

Exploits

Credits

Timeline

Replaced By

Rejected Reason

References

Affected Products

Metrics

Metrics Other Info

Impacts

Solutions

Configurations

Workarounds

Exploits

Credits

Timeline

Replaced By

Rejected Reason

References

CISA Catalog

Metrics

CPE Matches

Weaknesses

Evaluator Description

Evaluator Impact

Evaluator Solution

Vendor Statements

References

Change History

Similar CVEs