CVE-2008-2363

{"id": "CVE-2008-2363", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 9.3, "accessVector": "NETWORK", "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C", "authentication": "NONE", "integrityImpact": "COMPLETE", "accessComplexity": "MEDIUM", "availabilityImpact": "COMPLETE", "confidentialityImpact": "COMPLETE"}, "acInsufInfo": false, "impactScore": 10.0, "baseSeverity": "HIGH", "obtainAllPrivilege": false, "exploitabilityScore": 8.6, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": true}]}, "published": "2008-06-02T21:30:00.000", "references": [{"url": "http://bugs.gentoo.org/show_bug.cgi?id=224051", "tags": ["Patch"], "source": "secalert@redhat.com"}, {"url": "http://bugzilla.gnome.org/show_bug.cgi?id=535413", "tags": ["Patch"], "source": "secalert@redhat.com"}, {"url": "http://marc.info/?l=oss-security&m=121207185600564&w=2", "tags": ["Patch"], "source": "secalert@redhat.com"}, {"url": "http://secunia.com/advisories/30717", "tags": ["Vendor Advisory"], "source": "secalert@redhat.com"}, {"url": "http://secunia.com/advisories/31315", "tags": ["Vendor Advisory"], "source": "secalert@redhat.com"}, {"url": "http://security.gentoo.org/glsa/glsa-200807-15.xml", "source": "secalert@redhat.com"}, {"url": "http://www.mandriva.com/security/advisories?name=MDVSA-2008:201", "source": "secalert@redhat.com"}, {"url": "http://www.novell.com/linux/security/advisories/2008_13_sr.html", "source": "secalert@redhat.com"}, {"url": "http://www.securityfocus.com/bid/29421", "tags": ["Patch"], "source": "secalert@redhat.com"}, {"url": "https://bugzilla.redhat.com/show_bug.cgi?id=446902", "source": "secalert@redhat.com"}, {"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/42750", "source": "secalert@redhat.com"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-119"}]}], "descriptions": [{"lang": "en", "value": "The PartsBatch class in Pan 0.132 and earlier does not properly manage the data structures for Parts batches, which allows remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via a crafted .nzb file that triggers a heap-based buffer overflow."}, {"lang": "es", "value": "La clase PartsBatch en Pan versi\u00f3n 0.132 y anteriores, no gestiona apropiadamente las estructuras de datos para lotes de Parts, lo que permite a los atacantes remotos causar una denegaci\u00f3n de servicio (bloqueo de aplicaci\u00f3n) y posiblemente ejecutar c\u00f3digo arbitrario por medio de un archivo .nzb dise\u00f1ado que activa un desbordamiento de b\u00fafer en la regi\u00f3n heap de la memoria."}], "lastModified": "2017-08-08T01:30:59.043", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:pan:pan:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "8C0BCC82-DE99-4C9D-A165-9FBD7DE3148D", "versionEndIncluding": "0.132"}, {"criteria": "cpe:2.3:a:pan:pan:0.105:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "4C2DEFDB-0430-4A24-9410-5AA5A8D6E6F1"}, {"criteria": "cpe:2.3:a:pan:pan:0.106:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "D56435AD-8216-401A-8F2F-86DA27BFE7DD"}, {"criteria": "cpe:2.3:a:pan:pan:0.107:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "7D96A12C-3BAB-47CB-88FB-F15AC0F078BD"}, {"criteria": "cpe:2.3:a:pan:pan:0.108:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "1C0A4FC9-28B9-4562-8FD3-7399A75BC38B"}, {"criteria": "cpe:2.3:a:pan:pan:0.109:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "F8177221-6E52-4B0B-A521-DCD522120CA8"}, {"criteria": "cpe:2.3:a:pan:pan:0.110:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "7D658A45-3886-429C-B8BC-F36DD5247D83"}, {"criteria": "cpe:2.3:a:pan:pan:0.111:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "FBD5C3F5-D748-47A3-8471-18491EAB0852"}, {"criteria": "cpe:2.3:a:pan:pan:0.112:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "E1F1444F-8290-4589-B37A-411D024740C8"}, {"criteria": "cpe:2.3:a:pan:pan:0.113:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "C48373A9-FFF9-46C0-9A0F-E180DAFEE7E3"}, {"criteria": "cpe:2.3:a:pan:pan:0.114:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "BDDF3558-EE2F-4710-B8A0-E38C686474BA"}, {"criteria": "cpe:2.3:a:pan:pan:0.115:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "06B19920-0911-4078-A646-517AA8F4C933"}, {"criteria": "cpe:2.3:a:pan:pan:0.116:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "B6FA1ED5-1252-4711-8244-2D1E6800147C"}, {"criteria": "cpe:2.3:a:pan:pan:0.117:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "062159F1-4094-4355-8EAB-9BECD1F469AD"}, {"criteria": "cpe:2.3:a:pan:pan:0.118:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "951B12B7-7313-4200-AB5D-F70065502722"}, {"criteria": "cpe:2.3:a:pan:pan:0.119:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "4DD8557F-4FAD-4EEC-9EC3-041BBE437E2D"}, {"criteria": "cpe:2.3:a:pan:pan:0.120:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "97B76EC9-B238-42E4-90CE-F35F039B782F"}, {"criteria": "cpe:2.3:a:pan:pan:0.121:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "08FC4F0B-B92E-4C9E-8DA9-4B5782C2359B"}, {"criteria": "cpe:2.3:a:pan:pan:0.122:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "B8901478-3413-43E7-A21E-28F920E12B2E"}, {"criteria": "cpe:2.3:a:pan:pan:0.123:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "8D185E00-F55D-4101-9952-D35D49B15ECB"}, {"criteria": "cpe:2.3:a:pan:pan:0.124:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "D878570C-D363-4E37-8581-A76DC5DBB370"}, {"criteria": "cpe:2.3:a:pan:pan:0.125:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "515419E8-50F6-454D-8224-9EE4CEA40ED9"}, {"criteria": "cpe:2.3:a:pan:pan:0.126:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "DA214133-C80D-47AA-B8AC-F79FB2BE6779"}, {"criteria": "cpe:2.3:a:pan:pan:0.127:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "43BEFDEE-C200-48BF-94D2-B74070178546"}, {"criteria": "cpe:2.3:a:pan:pan:0.128:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "868189F7-3A9C-4318-84E4-6F455AB99E6A"}, {"criteria": "cpe:2.3:a:pan:pan:0.129:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "709FCD8C-F8CC-4604-8ED2-DCBDC7CE59E2"}, {"criteria": "cpe:2.3:a:pan:pan:0.130:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "B982CC3C-90D7-4F62-A6D3-990F3C33D7AF"}, {"criteria": "cpe:2.3:a:pan:pan:0.131:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "D58629D2-E6B3-462E-8C0C-C8307EE85835"}], "operator": "OR"}]}], "vendorComments": [{"comment": "Not vulnerable. This issue did not affect the versions of pan as shipped with Red Hat Enterprise Linux 2.1. No other versions of Red Hat Enterprise Linux have shipped Pan.", "lastModified": "2008-06-03T00:00:00", "organization": "Red Hat"}], "sourceIdentifier": "secalert@redhat.com"}