CVE-2007-5030
Vulnerable software: cpe:/a:dibbler:dibbler:0.6.0
Published: 2007-09-21T15:17:00.000-04:00
Last modified: 2017-07-28T21:33:21.147-04:00

CVSS score: 5.0
Access vector: NETWORK
Access complexity: LOW
Authentication: NONE
Confidentiality impact: NONE
Integrity impact: NONE
Availability impact: PARTIAL
Source: http://nvd.nist.gov
Generated on: 2007-09-24T11:44:00.000-04:00

References:
FULLDISC 20070918 [MU-200709-02] Dibbler Remote Denial of Service Vulnerability
BID 25726
SECUNIA 26876
OSVDB 40568
XF dibbler-optionlength-dos(36684)
MISC http://labs.musecurity.com/wp-content/uploads/2007/09/mu-200709-02.txt

Summary: Multiple integer overflows in Dibbler 0.6.0 allow remote attackers to cause a denial of service (daemon crash) via packets containing options with large lengths, which trigger attempts at excessive memory allocation, as demonstrated by (1) the TSrvMsg constructor in SrvMessages/SrvMsg.cpp; the (2) TClntMsg, (3) TClntOptIAAddress, (4) TClntOptIAPrefix, (5) TOptVendorSpecInfo, and (6) TOptOptionRequest constructors; and the (7) TRelIfaceMgr::decodeRelayRepl, (8) TRelMsg::decodeOpts, and (9) TSrvIfaceMgr::decodeRelayForw methods.