CVE-2007-5029
Dibbler 0.6.0 - Denial of Service via Buffer Over-Read in TSrvMsg Constructor
Title source: llmDescription
Dibbler 0.6.0 does not verify that certain length parameters are appropriate for buffer sizes, which allows remote attackers to trigger a buffer over-read and cause a denial of service (daemon crash), as demonstrated by incorrect behavior of the TSrvMsg constructor in SrvMessages/SrvMsg.cpp when (1) reading the option code and option length and (2) parsing options.
References (7)
Core 7
Core References
Mailing List mailing-list
x_refsource_fulldisc
http://lists.grok.org.uk/pipermail/full-disclosure/2007-September/065892.html
Third Party Advisory, VDB Entry vdb-entry
x_refsource_xf
https://exchange.xforce.ibmcloud.com/vulnerabilities/36685
Patch, Vendor Advisory third-party-advisory
x_refsource_secunia
http://secunia.com/advisories/26876
Various Sources x_refsource_misc
http://klub.com.pl/dhcpv6/
Patch x_refsource_misc
http://labs.musecurity.com/wp-content/uploads/2007/09/mu-200709-02.txt
Third Party Advisory, VDB Entry vdb-entry
x_refsource_osvdb
http://osvdb.org/40569
Patch vdb-entry
x_refsource_bid
http://www.securityfocus.com/bid/25726
Scores
EPSS
0.0175
EPSS Percentile
75.2%
Details
CWE
CWE-119
CWE-189
CWE-20
Status
published
Products (1)
dibbler/dibbler
0.6.0
Published
Sep 21, 2007
Tracked Since
Feb 18, 2026