CVE-2007-4535 - OpenCVE

The VStr::Resize function in str.cpp in Vavoom 1.24 and earlier allows remote attackers to cause a denial of service (daemon crash) via a string with a negative NewLen value within a certain UDP packet that triggers an assertion error.

No CVSS v4.0

No CVSS v3.1

No CVSS v3.0

Access Vector Network

Access Complexity Medium

Authentication None

Confidentiality Impact None

Integrity Impact None

Availability Impact Partial

AV:N/AC:M/Au:N/C:N/I:N/A:P

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Vavoom	Vavoom

Configuration 1 [-]

cpe:2.3:a:vavoom:vavoom:*:*:*:*:*:*:*:*

No data.

References

Link	Providers
http://aluigi.altervista.org/adv/vaboom2-adv.txt
http://secunia.com/advisories/26554
http://secunia.com/advisories/26701
http://securityreason.com/securityalert/3057
http://www.securityfocus.com/bid/25436
https://bugzilla.redhat.com/show_bug.cgi?id=256621
https://www.redhat.com/archives/fedora-package-announce/2007-September/msg00094.html

History

No history.

MITRE

Status: PUBLISHED

Assigner: mitre

Published: 2007-08-25T00:00:00

Updated: 2024-08-07T15:01:09.675Z

Reserved: 2007-08-24T00:00:00

Link: CVE-2007-4535

Vulnrichment

No data.

NVD

Status : Analyzed

Published: 2007-08-25T00:17:00.000

Modified: 2008-09-05T21:28:28.160

Link: CVE-2007-4535

Redhat

No data.

{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "datePublic": "2007-08-23T00:00:00", "descriptions": [{"lang": "en", "value": "The VStr::Resize function in str.cpp in Vavoom 1.24 and earlier allows remote attackers to cause a denial of service (daemon crash) via a string with a negative NewLen value within a certain UDP packet that triggers an assertion error."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2007-11-28T10:00:00", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre"}, "references": [{"name": "26701", "tags": ["third-party-advisory", "x_refsource_SECUNIA"], "url": "http://secunia.com/advisories/26701"}, {"tags": ["x_refsource_MISC"], "url": "http://aluigi.altervista.org/adv/vaboom2-adv.txt"}, {"name": "FEDORA-2007-1977", "tags": ["vendor-advisory", "x_refsource_FEDORA"], "url": "https://www.redhat.com/archives/fedora-package-announce/2007-September/msg00094.html"}, {"name": "3057", "tags": ["third-party-advisory", "x_refsource_SREASON"], "url": "http://securityreason.com/securityalert/3057"}, {"tags": ["x_refsource_MISC"], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=256621"}, {"name": "26554", "tags": ["third-party-advisory", "x_refsource_SECUNIA"], "url": "http://secunia.com/advisories/26554"}, {"name": "25436", "tags": ["vdb-entry", "x_refsource_BID"], "url": "http://www.securityfocus.com/bid/25436"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "cve@mitre.org", "ID": "CVE-2007-4535", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "The VStr::Resize function in str.cpp in Vavoom 1.24 and earlier allows remote attackers to cause a denial of service (daemon crash) via a string with a negative NewLen value within a certain UDP packet that triggers an assertion error."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "26701", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/26701"}, {"name": "http://aluigi.altervista.org/adv/vaboom2-adv.txt", "refsource": "MISC", "url": "http://aluigi.altervista.org/adv/vaboom2-adv.txt"}, {"name": "FEDORA-2007-1977", "refsource": "FEDORA", "url": "https://www.redhat.com/archives/fedora-package-announce/2007-September/msg00094.html"}, {"name": "3057", "refsource": "SREASON", "url": "http://securityreason.com/securityalert/3057"}, {"name": "https://bugzilla.redhat.com/show_bug.cgi?id=256621", "refsource": "MISC", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=256621"}, {"name": "26554", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/26554"}, {"name": "25436", "refsource": "BID", "url": "http://www.securityfocus.com/bid/25436"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-07T15:01:09.675Z"}, "title": "CVE Program Container", "references": [{"name": "26701", "tags": ["third-party-advisory", "x_refsource_SECUNIA", "x_transferred"], "url": "http://secunia.com/advisories/26701"}, {"tags": ["x_refsource_MISC", "x_transferred"], "url": "http://aluigi.altervista.org/adv/vaboom2-adv.txt"}, {"name": "FEDORA-2007-1977", "tags": ["vendor-advisory", "x_refsource_FEDORA", "x_transferred"], "url": "https://www.redhat.com/archives/fedora-package-announce/2007-September/msg00094.html"}, {"name": "3057", "tags": ["third-party-advisory", "x_refsource_SREASON", "x_transferred"], "url": "http://securityreason.com/securityalert/3057"}, {"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=256621"}, {"name": "26554", "tags": ["third-party-advisory", "x_refsource_SECUNIA", "x_transferred"], "url": "http://secunia.com/advisories/26554"}, {"name": "25436", "tags": ["vdb-entry", "x_refsource_BID", "x_transferred"], "url": "http://www.securityfocus.com/bid/25436"}]}]}, "cveMetadata": {"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2007-4535", "datePublished": "2007-08-25T00:00:00", "dateReserved": "2007-08-24T00:00:00", "dateUpdated": "2024-08-07T15:01:09.675Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:vavoom:vavoom:*:*:*:*:*:*:*:*", "matchCriteriaId": "D9252DAC-8E8D-4DDF-A482-F71FD49DA881", "versionEndIncluding": "1.24", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "The VStr::Resize function in str.cpp in Vavoom 1.24 and earlier allows remote attackers to cause a denial of service (daemon crash) via a string with a negative NewLen value within a certain UDP packet that triggers an assertion error."}, {"lang": "es", "value": "La funci\u00f3n VThinker::BroadcastPrintf en p_thinker.cpp de Vavoom 1.24 y versiones anteriores permite a atacantes remotos provocar una denegaci\u00f3n de servicio (ca\u00edda de demonio) mediante una cadena con un valor NewLen negativo dentro de un determinado paquete UDP que dispara un error de aserci\u00f3n."}], "id": "CVE-2007-4535", "lastModified": "2008-09-05T21:28:28.160", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 4.3, "confidentialityImpact": "NONE", "integrityImpact": "NONE", "vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:P", "version": "2.0"}, "exploitabilityScore": 8.6, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}]}, "published": "2007-08-25T00:17:00.000", "references": [{"source": "cve@mitre.org", "url": "http://aluigi.altervista.org/adv/vaboom2-adv.txt"}, {"source": "cve@mitre.org", "tags": ["Vendor Advisory"], "url": "http://secunia.com/advisories/26554"}, {"source": "cve@mitre.org", "url": "http://secunia.com/advisories/26701"}, {"source": "cve@mitre.org", "url": "http://securityreason.com/securityalert/3057"}, {"source": "cve@mitre.org", "url": "http://www.securityfocus.com/bid/25436"}, {"source": "cve@mitre.org", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=256621"}, {"source": "cve@mitre.org", "url": "https://www.redhat.com/archives/fedora-package-announce/2007-September/msg00094.html"}], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "NVD-CWE-Other"}], "source": "nvd@nist.gov", "type": "Primary"}]}