
CVE-2007-4897
Date: (C)2007-09-14   (M)2023-12-22


pwlib, as used by Ekiga 2.0.5 and possibly other products, allows remote attackers to cause a denial of service (application crash) via a long argument to the PString::vsprintf function, related to a "memory management flaw". NOTE: this issue was originally reported as being in the SIPURL::GetHostAddress function in Ekiga (formerly GnomeMeeting).

CVSS Score and Metrics

CVSS V2 Severity:
CVSS Score : 5.0
Exploit Score: 10.0
Impact Score: 2.9
 
CVSS V2 Metrics:
Access Vector: NETWORK
Access Complexity: LOW
Authentication: NONE
Confidentiality: NONE
Integrity: NONE
Availability: PARTIAL
  
Reference:
SECTRACK-1018683
http://www.securityfocus.com/archive/1/479185/100/0/threaded
BID-25642
SECUNIA-27127
SECUNIA-27150
SECUNIA-27518
SECUNIA-28385
SREASON-3138
MDKSA-2007:206
RHSA-2007:0932
USN-561-1
ekiga-sipurlgethostaddress-dos(36568)
http://blog.s21sec.com/2007/09/sobre-la-vulnerabilidad-del-ekiga.html
http://openh323.cvs.sourceforge.net/openh323/opal/src/sip/sipcon.cxx?r1=2.120.2.25&r2=2.120.2.26&pathrev=v2_2_9
http://www.s21sec.com/avisos/s21sec-036-en.txt
https://bugzilla.redhat.com/show_bug.cgi?id=292831
oval:org.mitre.oval:def:10928

CWE    1
CWE-399

© SecPod Technologies