QwikSec

Security Database

CVE

CWE

Training

CVE-2007-5030

Published: Sep 21, 2007

Modified: Aug 7, 2024

PUBLISHED

Description

Multiple integer overflows in Dibbler 0.6.0 allow remote attackers to cause a denial of service (daemon crash) via packets containing options with large lengths, which trigger attempts at excessive memory allocation, as demonstrated by (1) the TSrvMsg constructor in SrvMessages/SrvMsg.cpp; the (2) TClntMsg, (3) TClntOptIAAddress, (4) TClntOptIAPrefix, (5) TOptVendorSpecInfo, and (6) TOptOptionRequest constructors; and the (7) TRelIfaceMgr::decodeRelayRepl, (8) TRelMsg::decodeOpts, and (9) TSrvIfaceMgr::decodeRelayForw methods.

Vendor	Product	Versions
n/a	n/a	affected `n/a`

References

dibbler-optionlength-dos(36684)

vdb-entry

x_refsource_XF

20070918 [MU-200709-02] Dibbler Remote Denial of Service Vulnerability

mailing-list

x_refsource_FULLDISC

vdb-entry

x_refsource_OSVDB

third-party-advisory

x_refsource_SECUNIA

http://klub.com.pl/dhcpv6/

x_refsource_MISC

http://labs.musecurity.com/wp-content/uploads/2007/09/mu-200709-02.txt

x_refsource_MISC

vdb-entry

x_refsource_BID

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.