CVE-2008-3680

{"id": "CVE-2008-3680", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 5.0, "accessVector": "NETWORK", "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "authentication": "NONE", "integrityImpact": "NONE", "accessComplexity": "LOW", "availabilityImpact": "PARTIAL", "confidentialityImpact": "NONE"}, "acInsufInfo": false, "impactScore": 2.9, "baseSeverity": "MEDIUM", "obtainAllPrivilege": false, "exploitabilityScore": 10.0, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}]}, "published": "2008-08-14T19:41:00.000", "references": [{"url": "http://aluigi.altervista.org/adv/ventrilobotomy-adv.txt", "source": "cve@mitre.org"}, {"url": "http://aluigi.org/poc/ventrilobotomy.zip", "tags": ["Exploit"], "source": "cve@mitre.org"}, {"url": "http://secunia.com/advisories/31466", "tags": ["Vendor Advisory"], "source": "cve@mitre.org"}, {"url": "http://secunia.com/advisories/34696", "source": "cve@mitre.org"}, {"url": "http://security.gentoo.org/glsa/glsa-200904-13.xml", "source": "cve@mitre.org"}, {"url": "http://securityreason.com/securityalert/4156", "source": "cve@mitre.org"}, {"url": "http://www.securityfocus.com/archive/1/495448/100/0/threaded", "source": "cve@mitre.org"}, {"url": "http://www.securityfocus.com/bid/30675", "tags": ["Exploit"], "source": "cve@mitre.org"}, {"url": "http://www.vupen.com/english/advisories/2008/2365", "source": "cve@mitre.org"}, {"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/44428", "source": "cve@mitre.org"}, {"url": "https://www.exploit-db.com/exploits/6237", "source": "cve@mitre.org"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-20"}]}], "descriptions": [{"lang": "en", "value": "The decryption function in Flagship Industries Ventrilo 3.0.2 and earlier allows remote attackers to cause a denial of service (NULL pointer dereference and server crash) by sending a type 0 packet with an invalid version followed by another packet to TCP port 3784."}, {"lang": "es", "value": "La funci\u00f3n de descifrado en Flagship Industries Ventrilo en versiones 3.0.2 y anteriores permite a atacantes remotos provocar una denegaci\u00f3n de servicio (desreferencia a un puntero NULL y la ca\u00edda del servidor) mediante el env\u00edo de un paquete de tipo 0 con una versi\u00f3n no v\u00e1lida seguida por otro paquete al puerto TCP 3784."}], "lastModified": "2018-10-11T20:49:23.760", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:flagship_industries:ventrilo:1:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "AD7B8FAB-4CC7-46D1-AEED-6981A1DF7282"}, {"criteria": "cpe:2.3:a:flagship_industries:ventrilo:1.01:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "4CF15DB2-0064-4341-BFD5-FBFDCA50671C"}, {"criteria": "cpe:2.3:a:flagship_industries:ventrilo:1.03:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "3E09F3E6-3E2C-41FA-8182-323731B8358E"}, {"criteria": "cpe:2.3:a:flagship_industries:ventrilo:1.04:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "9CCAE281-2997-47DA-8363-B605B436A0B0"}, {"criteria": "cpe:2.3:a:flagship_industries:ventrilo:1.05:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "B687251C-A052-45E7-B360-89428078DE28"}, {"criteria": "cpe:2.3:a:flagship_industries:ventrilo:1.06:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "822097D0-92A7-4FCA-B5CF-D0E4174DA953"}, {"criteria": "cpe:2.3:a:flagship_industries:ventrilo:2:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "98AC732A-41D2-4357-8741-9F6AD56269F3"}, {"criteria": "cpe:2.3:a:flagship_industries:ventrilo:2.1:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "D65B6E36-91D0-47D2-8ABA-52D5ED6B960C"}, {"criteria": "cpe:2.3:a:flagship_industries:ventrilo:2.1.1:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "599708E5-B452-41E9-959F-FB79D5E96A25"}, {"criteria": "cpe:2.3:a:flagship_industries:ventrilo:2.1.2:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "AD449C35-6329-4B4B-82A1-A2DEBDEBB069"}, {"criteria": "cpe:2.3:a:flagship_industries:ventrilo:2.1.3:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "661639F3-8875-41DB-8BCF-9569681632E3"}, {"criteria": "cpe:2.3:a:flagship_industries:ventrilo:2.1.4:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "44347E50-1B1E-43FA-8B72-3C942C9BBE39"}, {"criteria": "cpe:2.3:a:flagship_industries:ventrilo:2.2:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "51BE24F8-B859-41CA-9EF3-2358A33F6491"}, {"criteria": "cpe:2.3:a:flagship_industries:ventrilo:2.3:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "B73A1EF7-0462-4EDB-9D78-6BDA5D978F9E"}, {"criteria": "cpe:2.3:a:flagship_industries:ventrilo:2.3.2:prototype.6:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "02208E19-32E6-45A5-8233-0B1D238289D5"}, {"criteria": "cpe:2.3:a:flagship_industries:ventrilo:2.3.2:prototype.9:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "FA004CF1-4765-4E6A-8426-30DC7604FC7B"}, {"criteria": "cpe:2.3:a:flagship_industries:ventrilo:3:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "C0A33D6B-D458-49E2-A5BC-619103A01755"}, {"criteria": "cpe:2.3:a:flagship_industries:ventrilo:3.0.2:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "4EB3ED83-34D8-4A1E-A89D-F19FBA28D74A"}], "operator": "OR"}]}], "sourceIdentifier": "cve@mitre.org"}