CVE-2008-2382

EUVD-2008-2377
The protocol_client_msg function in vnc.c in the VNC server in (1) Qemu 0.9.1 and earlier and (2) KVM kvm-79 and earlier allows remote attackers to cause a denial of service (infinite loop) via a certain message.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
5 UNKNOWN
NETWORK
LOW
AV:N/AC:L/Au:N/C:N/I:N/A:P
Base Score
CVSS 3.x
EPSS Score
Percentile: 95%
Affected Products (NVD)
VendorProductVersion
qemuqemu
𝑥
≤ 0.9.1
qemuqemu
0.1.0
qemuqemu
0.1.1
qemuqemu
0.1.2
qemuqemu
0.1.3
qemuqemu
0.1.4
qemuqemu
0.1.5
qemuqemu
0.1.6
qemuqemu
0.2.0
qemuqemu
0.3.0
qemuqemu
0.4.0
qemuqemu
0.4.1
qemuqemu
0.4.2
qemuqemu
0.4.3
qemuqemu
0.5.0
qemuqemu
0.5.1
qemuqemu
0.5.2
qemuqemu
0.5.3
qemuqemu
0.5.4
qemuqemu
0.5.5
qemuqemu
0.6.0
qemuqemu
0.6.1
qemuqemu
0.7.0
qemuqemu
0.7.1
qemuqemu
0.7.2
qemuqemu
0.8.0
qemuqemu
0.8.1
qemuqemu
0.8.2
qemuqemu
0.9.0
kvm_qumranetkvm
𝑥
≤ 79
𝑥
= Vulnerable software versions
Debian logo
Debian Releases
Debian Product
Codename
qemu
bookworm
1:7.2+dfsg-7+deb12u7
fixed
bullseye
1:5.2+dfsg-11+deb11u3
fixed
bullseye (security)
1:5.2+dfsg-11+deb11u2
fixed
etch
not-affected
sid
1:9.1.1+ds-2
fixed
trixie
1:9.1.1+ds-2
fixed
Ubuntu logo
Ubuntu Releases
Ubuntu Product
Codename
kvm
dapper
dne
gutsy
ignored
hardy
Fixed 1:62+dfsg-0ubuntu8.1
released
intrepid
Fixed 1:72+dfsg-1ubuntu6.1
released
jaunty
not-affected
karmic
dne
lucid
dne
maverick
dne
natty
dne
oneiric
dne
qemu
dapper
ignored
gutsy
ignored
hardy
ignored
intrepid
ignored
jaunty
ignored
karmic
dne
lucid
dne
maverick
dne
natty
dne
oneiric
dne
qemu-kvm
dapper
dne
hardy
dne
intrepid
dne
jaunty
dne
karmic
not-affected
lucid
not-affected
maverick
not-affected
natty
not-affected
oneiric
not-affected
xen-3.0
dapper
dne
gutsy
dne
hardy
dne
intrepid
dne
jaunty
dne
karmic
dne
lucid
dne
maverick
dne
natty
dne
oneiric
dne
xen-3.1
dapper
dne
gutsy
not-affected
hardy
not-affected
intrepid
not-affected
jaunty
dne
karmic
dne
lucid
dne
maverick
dne
natty
dne
oneiric
dne
xen-3.2
dapper
dne
gutsy
dne
hardy
not-affected
intrepid
dne
jaunty
dne
karmic
dne
lucid
dne
maverick
dne
natty
dne
oneiric
dne
xen-3.3
dapper
dne
gutsy
dne
hardy
dne
intrepid
not-affected
jaunty
not-affected
karmic
not-affected
lucid
not-affected
maverick
not-affected
natty
not-affected
oneiric
dne
xen-unstable
dapper
dne
gutsy
not-affected
hardy
dne
intrepid
dne
jaunty
dne
karmic
dne
lucid
dne
maverick
dne
natty
dne
oneiric
dne
Common Weakness Enumeration
References
http://lists.opensuse.org/opensuse-security-announce/2009-01/msg00004.html
http://lists.opensuse.org/opensuse-security-announce/2009-04/msg00003.html
http://secunia.com/advisories/33293
http://secunia.com/advisories/33303
http://secunia.com/advisories/33350
http://secunia.com/advisories/33568
http://secunia.com/advisories/34642
http://secunia.com/advisories/35062
http://securityreason.com/securityalert/4803
http://securitytracker.com/id?1021488
http://securitytracker.com/id?1021489
http://www.coresecurity.com/content/vnc-remote-dos
http://www.securityfocus.com/archive/1/499502/100/0/threaded
http://www.securityfocus.com/bid/32910
http://www.ubuntu.com/usn/usn-776-1
http://www.vupen.com/english/advisories/2008/3488
http://www.vupen.com/english/advisories/2008/3489
https://exchange.xforce.ibmcloud.com/vulnerabilities/47561
https://www.redhat.com/archives/fedora-package-announce/2008-December/msg01223.html
http://lists.opensuse.org/opensuse-security-announce/2009-01/msg00004.html
http://lists.opensuse.org/opensuse-security-announce/2009-04/msg00003.html
http://secunia.com/advisories/33293
http://secunia.com/advisories/33303
http://secunia.com/advisories/33350
http://secunia.com/advisories/33568
http://secunia.com/advisories/34642
http://secunia.com/advisories/35062
http://securityreason.com/securityalert/4803
http://securitytracker.com/id?1021488
http://securitytracker.com/id?1021489
http://www.coresecurity.com/content/vnc-remote-dos
http://www.securityfocus.com/archive/1/499502/100/0/threaded
http://www.securityfocus.com/bid/32910
http://www.ubuntu.com/usn/usn-776-1
http://www.vupen.com/english/advisories/2008/3488
http://www.vupen.com/english/advisories/2008/3489
https://exchange.xforce.ibmcloud.com/vulnerabilities/47561
https://www.redhat.com/archives/fedora-package-announce/2008-December/msg01223.html