CVE-2008-5714
Qemu 0.9.1 - VNC Password Length Reduction via Off-by-One Error
Title source: llmDescription
Off-by-one error in monitor.c in Qemu 0.9.1 might make it easier for remote attackers to guess the VNC password, which is limited to seven characters where eight was intended.
References (12)
Core 12
Core References
Third Party Advisory, VDB Entry vdb-entry
x_refsource_xf
https://exchange.xforce.ibmcloud.com/vulnerabilities/47683
Various Sources x_refsource_confirm
http://svn.savannah.gnu.org/viewvc/?view=rev&root=qemu&revision=5966
Vendor Advisory vendor-advisory
x_refsource_ubuntu
http://www.ubuntu.com/usn/usn-776-1
Mailing List vendor-advisory
x_refsource_suse
http://lists.opensuse.org/opensuse-security-announce/2009-04/msg00003.html
Various Sources x_refsource_confirm
http://svn.savannah.gnu.org/viewvc/trunk/monitor.c?root=qemu&r1=5966&r2=5965&pathrev=5966
Various Sources mailing-list
x_refsource_mlist
http://lists.gnu.org/archive/html/qemu-devel/2008-12/msg00498.html
Third Party Advisory third-party-advisory
x_refsource_secunia
http://secunia.com/advisories/35062
Various Sources mailing-list
x_refsource_mlist
http://lists.gnu.org/archive/html/qemu-devel/2008-11/msg01224.html
Third Party Advisory third-party-advisory
x_refsource_secunia
http://secunia.com/advisories/34642
Third Party Advisory, VDB Entry vdb-entry
x_refsource_bid
http://www.securityfocus.com/bid/33020
Mailing List vendor-advisory
x_refsource_suse
http://lists.opensuse.org/opensuse-security-announce/2009-01/msg00004.html
Third Party Advisory third-party-advisory
x_refsource_secunia
http://secunia.com/advisories/33568
Scores
EPSS
0.0075
EPSS Percentile
73.3%
Details
CWE
CWE-189
Status
published
Products (1)
qemu/qemu
0.9.1
Published
Dec 24, 2008
Tracked Since
Feb 18, 2026