Vulnerability Name: CVE-2007-4897 (CCN-36568)
Assigned: 2007-09-12
Published: 2007-09-12
Updated: 2018-10-15
Summary: pwlib, as used by Ekiga 2.0.5 and possibly other products, allows remote attackers to cause a denial of service (application crash) via a long argument to the PString::vsprintf function, related to a "memory management flaw". Note: this issue was originally reported as being in the SIPURL::GetHostAddress function in Ekiga (formerly GnomeMeeting).
CVSS v3 Severity: 5.3 Medium (CCN CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L)
CVSS v2 Severity: 5.0 Medium (CVSS v2 Vector: AV:N/AC:L/Au:N/C:N/I:N/A:P)
3.7 Low (Temporal CVSS v2 Vector: AV:N/AC:L/Au:N/C:N/I:N/A:P/E:U/RL:OF/RC:C)
3.7 Low (CCN Temporal CVSS v2 Vector: AV:N/AC:L/Au:N/C:N/I:N/A:P/E:U/RL:OF/RC:C)
Vulnerability Type: CWE-399
Vulnerability Consequences: Denial of Service
References:
Source: CCN Type: Full-Disclosure Mailing List, Wed Sep 12 2007 - 04:37:01 CDT S21SEC-036-EN Ekiga <= 2.0.5 Denial of service
Source: MISC Type: UNKNOWN http://blog.s21sec.com/2007/09/sobre-la-vulnerabilidad-del-ekiga.html
Source: MITRE Type: CNA CVE-2007-4897
Source: CCN Type: Ekiga Web site Ekiga
Source: FULLDISC Type: UNKNOWN 20070912 S21SEC-036-EN Ekiga <= 2.0.5 Denial of service
Source: MISC Type: UNKNOWN http://openh323.cvs.sourceforge.net/openh323/opal/src/sip/sipcon.cxx?r1=2.120.2.25&r2=2.120.2.26&pathrev=v2_2_9
Source: CCN Type: RHSA-2007-0932 Moderate: pwlib security update
Source: CCN Type: SA27127 PWLib "PString::vsprintf()" Denial of Service Vulnerability
Source: SECUNIA Type: Vendor Advisory 27127
Source: SECUNIA Type: Vendor Advisory 27150
Source: SECUNIA Type: Vendor Advisory 27518
Source: SECUNIA Type: Vendor Advisory 28385
Source: SREASON Type: UNKNOWN 3138
Source: CCN Type: SECTRACK ID: 1018683 Ekiga SIPURL::GetHostAddress() Memory Corruption Bug Lets Remote Users Deny Service
Source: MANDRIVA Type: UNKNOWN MDKSA-2007:206
Source: REDHAT Type: UNKNOWN RHSA-2007:0932
Source: MISC Type: UNKNOWN http://www.s21sec.com/avisos/s21sec-036-en.txt
Source: BUGTRAQ Type: UNKNOWN 20070912 S21SEC-036-EN Ekiga <= 2.0.5 Denial of service
Source: BID Type: UNKNOWN 25642
Source: CCN Type: BID-25642 Ekiga GetHostAddress Remote Denial of Service Vulnerability
Source: SECTRACK Type: UNKNOWN 1018683
Source: CCN Type: USN-561-1 pwlib vulnerability
Source: UBUNTU Type: UNKNOWN USN-561-1
Source: CONFIRM Type: UNKNOWN https://bugzilla.redhat.com/show_bug.cgi?id=292831
Source: XF Type: UNKNOWN ekiga-sipurlgethostaddress-dos(36568)
Source: OVAL Type: UNKNOWN oval:org.mitre.oval:def:10928
Vulnerable Configuration: Configuration 1: Configuration RedHat 1: Configuration RedHat 2: Configuration RedHat 3: Configuration RedHat 4: