VDB
CVE-2008-2382
CVE-2008-2382
PUBLISHED
CVSS 5 MEDIUM
The protocol_client_msg function in vnc.c in the VNC server in (1) Qemu 0.9.1 and earlier and (2) KVM kvm-79 and earlier allows remote attackers to cause a denial of service (infinite loop) via a certain message.
EPSS 21.40% · 95.8th percentile
Risk Scores
CVSS 2.0
5
EPSS Score
21.40%
95.8th percentile
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| kvm_qumranet | kvm | 38, 42, 36 |
| n/a | n/a | n/a |
| qemu | qemu | 0.1.3, 0.1.4, 0.1.6 |
Exploit Intelligence
- CIRCL confirmed: CVE-2008-2382 (circl-sighting)
- http://www.coresecurity.com/content/vnc-remote-dos (circl)
- SUSE-SR:2009:002 (circl)
- ADV-2008-3488 (circl)
- 35062 (circl)
- 33303 (circl)
- 34642 (circl)
- 33293 (circl)
- USN-776-1 (circl)
- 4803 (circl)
…and 10 more exploits
Timeline
- Dec 22, 2008 PoC Published
- Dec 24, 2008 CVE Published
- Feb 4, 2022 EPSS Score
- Mar 29, 2022 EPSS Score
- Jul 12, 2022 EPSS Score
- Sep 4, 2022 EPSS Score
- Oct 26, 2022 EPSS Score
- Feb 9, 2023 EPSS Score
- Mar 7, 2023 EPSS Score
- Apr 3, 2023 EPSS Score
- May 25, 2023 EPSS Score
- Sep 8, 2023 EPSS Score
References
- 35062 third-party-advisory
- 1021489 vdb
- 4803 third-party-advisory
- ADV-2008-3488 vdb
- FEDORA-2008-11705 vendor-advisory
- 33303 third-party-advisory
- 34642 third-party-advisory
- 33293 third-party-advisory
- USN-776-1 vendor-advisory
- 33350 third-party-advisory
- http://www.coresecurity.com/content/vnc-remote-dos url
- SUSE-SR:2009:002 vendor-advisory
- 33568 third-party-advisory
- SUSE-SR:2009:008 vendor-advisory
- 20081222 CORE-2008-1210: Qemu and KVM VNC server remote DoS mailing-list
- 1021488 vdb
- 32910 vdb
- ADV-2008-3489 vdb
- qemu-kvm-protocolclientmsg-dos(47561) vdb
- https://nvd.nist.gov/vuln/detail/CVE-2008-2382 advisory