CVE-2008-2363

The PartsBatch class in Pan 0.132 and earlier does not properly manage the data structures for Parts batches, which allows remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via a crafted .nzb file that triggers a heap-based buffer overflow.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
9.3 UNKNOWN
NETWORK
MEDIUM
AV:N/AC:M/Au:N/C:C/I:C/A:C
redhatCNA
---
---
CVEADP
---
---
Base Score
CVSS 3.x
EPSS Score
Percentile: 91%
VendorProductVersion
panpan
𝑥
≤ 0.132
panpan
0.105
panpan
0.106
panpan
0.107
panpan
0.108
panpan
0.109
panpan
0.110
panpan
0.111
panpan
0.112
panpan
0.113
panpan
0.114
panpan
0.115
panpan
0.116
panpan
0.117
panpan
0.118
panpan
0.119
panpan
0.120
panpan
0.121
panpan
0.122
panpan
0.123
panpan
0.124
panpan
0.125
panpan
0.126
panpan
0.127
panpan
0.128
panpan
0.129
panpan
0.130
panpan
0.131
𝑥
= Vulnerable software versions
Debian logo
Debian Releases
Debian Product
Codename
pan
bullseye
0.146-2
fixed
etch
not-affected
bookworm
0.154-1
fixed
trixie
0.160-1
fixed
sid
0.161-1
fixed
Ubuntu logo
Ubuntu Releases
Ubuntu Product
Codename
pan
jaunty
not-affected
intrepid
not-affected
hardy
Fixed 0.132-2ubuntu2.1
released
gutsy
ignored
feisty
ignored
dapper
ignored
Common Weakness Enumeration
References
http://bugs.gentoo.org/show_bug.cgi?id=224051
http://bugzilla.gnome.org/show_bug.cgi?id=535413
http://marc.info/?l=oss-security&m=121207185600564&w=2
http://secunia.com/advisories/30717
http://secunia.com/advisories/31315
http://security.gentoo.org/glsa/glsa-200807-15.xml
http://www.mandriva.com/security/advisories?name=MDVSA-2008:201
http://www.novell.com/linux/security/advisories/2008_13_sr.html
http://www.securityfocus.com/bid/29421
https://bugzilla.redhat.com/show_bug.cgi?id=446902
https://exchange.xforce.ibmcloud.com/vulnerabilities/42750
http://bugs.gentoo.org/show_bug.cgi?id=224051
http://bugzilla.gnome.org/show_bug.cgi?id=535413
http://marc.info/?l=oss-security&m=121207185600564&w=2
http://secunia.com/advisories/30717
http://secunia.com/advisories/31315
http://security.gentoo.org/glsa/glsa-200807-15.xml
http://www.mandriva.com/security/advisories?name=MDVSA-2008:201
http://www.novell.com/linux/security/advisories/2008_13_sr.html
http://www.securityfocus.com/bid/29421
https://bugzilla.redhat.com/show_bug.cgi?id=446902
https://exchange.xforce.ibmcloud.com/vulnerabilities/42750