The PartsBatch class in Pan 0.132 and earlier does not properly manage the data structures for Parts batches, which allows remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via a crafted .nzb file that triggers a heap-based buffer overflow.
| Date Added | Due Date | Vulnerability Name | Required Action |
|---|---|---|---|
| N/A |
| Type | Version | Base score | Base severity | Vector |
|---|---|---|---|---|
| Primary | 2.0 | 9.3 | HIGH | AV:N/AC:M/Au:N/C:C/I:C/A:C |
Not vulnerable. This issue did not affect the versions of pan as shipped with Red Hat Enterprise Linux 2.1. No other versions of Red Hat Enterprise Linux have shipped Pan.
| Hyperlink | Source | Resource |
|---|---|---|
| http://bugs.gentoo.org/show_bug.cgi?id=224051 | secalert@redhat.com | Patch |
| http://bugzilla.gnome.org/show_bug.cgi?id=535413 | secalert@redhat.com | Patch |
| http://marc.info/?l=oss-security&m=121207185600564&w=2 | secalert@redhat.com | Patch |
| http://secunia.com/advisories/30717 | secalert@redhat.com | Vendor Advisory |
| http://secunia.com/advisories/31315 | secalert@redhat.com | Vendor Advisory |
| http://security.gentoo.org/glsa/glsa-200807-15.xml | secalert@redhat.com | N/A |
| http://www.mandriva.com/security/advisories?name=MDVSA-2008:201 | secalert@redhat.com | N/A |
| http://www.novell.com/linux/security/advisories/2008_13_sr.html | secalert@redhat.com | N/A |
| http://www.securityfocus.com/bid/29421 | secalert@redhat.com | Patch |
| https://bugzilla.redhat.com/show_bug.cgi?id=446902 | secalert@redhat.com | N/A |
| https://exchange.xforce.ibmcloud.com/vulnerabilities/42750 | secalert@redhat.com | N/A |