Back to search
CVE-2006-2093
Published: Apr 29, 2006
Modified: Aug 7, 2024
PUBLISHED
Description
Nessus before 2.2.8, and 3.x before 3.0.3, allows user-assisted attackers to cause a denial of service (memory consumption) via a NASL script that calls split with an invalid sep parameter. NOTE: a design goal of the NASL language is to facilitate sharing of security tests by guaranteeing that a script "can not do anything nasty." This issue is appropriate for CVE only if Nessus users have an expectation that a split statement will not use excessive memory.
| Vendor | Product | Versions |
|---|---|---|
n/a | n/a | affected n/a |
References
20060425 NASL 'Split' function Buffer overflow Vulnerability
mailing-list
x_refsource_BUGTRAQ
USN-279-1
vendor-advisory
x_refsource_UBUNTU
20060425 Re: NASL 'Split' function Buffer overflow Vulnerability
mailing-list
x_refsource_BUGTRAQ
817
third-party-advisory
x_refsource_SREASON
ADV-2006-1541
vdb-entry
x_refsource_VUPEN
20060425 Re: NASL 'Split' function Buffer overflow Vulnerability
mailing-list
x_refsource_BUGTRAQ
nessus-nasl-split-dos(26034)
vdb-entry
x_refsource_XF
1015996
vdb-entry
x_refsource_SECTRACK
25084
vdb-entry
x_refsource_OSVDB
Security Training
Train your team to recognize and prevent security threats with our comprehensive security awareness program.
Start TrainingVulnerability Scanning
Discover vulnerabilities in your applications and infrastructure before attackers do.
Scan Now