CVE-2008-2364 – httpd: mod_proxy_http DoS via excessive interim responses from the origin server
https://notcve.org/view.php?id=CVE-2008-2364
The ap_proxy_http_process_response function in mod_proxy_http.c in the mod_proxy module in the Apache HTTP Server 2.0.63 and 2.2.8 does not limit the number of forwarded interim responses, which allows remote HTTP servers to cause a denial of service (memory consumption) via a large number of interim responses. La función ap_proxy_http_process_response en mod_proxy_http.c en el modulo mod_proxy en el Servidor HTTP Apache 2.0.63 y 2.2.8 no limita el número de respuestas de desvío provisionales, lo que permite a servidores HTTP causar una denegación de servicio (memory consumption) a través de un gran número de respuestas provisionales. • http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c01539432 http://lists.apple.com/archives/security-announce/2008/Oct/msg00001.html http://lists.opensuse.org/opensuse-security-announce/2009-03/msg00001.html http://lists.opensuse.org/opensuse-security-announce/2009-03/msg00004.html http://marc.info/?l=bugtraq&m=123376588623823&w=2 http://marc.info/?l=bugtraq&m=125631037611762&w=2 http://rhn.redhat.com/errata/RHSA-2008-0967.html http://secunia.com/advisories/30621 • CWE-770: Allocation of Resources Without Limits or Throttling •
CVE-2008-1767 – libxslt XSL 1.1.23 - File Processing Buffer Overflow
https://notcve.org/view.php?id=CVE-2008-1767
Buffer overflow in pattern.c in libxslt before 1.1.24 allows context-dependent attackers to cause a denial of service (crash) and possibly execute arbitrary code via an XSL style sheet file with a long XSLT "transformation match" condition that triggers a large number of steps. Vulnerabilidad de desbordamiento de búfer en pattern.c en libxslt anteriores a 1.1.24, permiten a atacantes, dependiendo del contexto, provocar una denegación de servicio (caída) y posiblemente ejecutar código arbitrario a través de un fichero de hoja de estilo XSL con una condición "transformation match" XSLT larga que dispara un número grande de pasos. • https://www.exploit-db.com/exploits/31815 http://bugzilla.gnome.org/show_bug.cgi?id=527297 http://lists.apple.com/archives/security-announce//2008/Nov/msg00001.html http://lists.apple.com/archives/security-announce/2008//Jul/msg00001.html http://lists.apple.com/archives/security-announce/2008/Oct/msg00001.html http://secunia.com/advisories/30315 http://secunia.com/advisories/30323 http://secunia.com/advisories/30393 http://secunia.com/advisories/30521 http://secunia.com/ • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVE-2008-1423 – vorbis: integer oveflow caused by huge codebooks
https://notcve.org/view.php?id=CVE-2008-1423
Integer overflow in a certain quantvals and quantlist calculation in Xiph.org libvorbis 1.2.0 and earlier allows remote attackers to cause a denial of service (crash) or execute arbitrary code via a crafted OGG file with a large virtual space for its codebook, which triggers a heap overflow. Desbordamiento de entero en ciertos cálculos quantvals y quantlist de Xiph.org libvorbis 1.2.0 y versiones anteriores permite a atacantes remotos provocar una denegación de servicio (caída) o ejecutar código de su elección a través de ficheros OGG manipulados con un espacio virtual largo de su codebook, lo cual dispara un desbordamiento heap. • http://lists.opensuse.org/opensuse-security-announce/2008-06/msg00001.html http://secunia.com/advisories/30234 http://secunia.com/advisories/30237 http://secunia.com/advisories/30247 http://secunia.com/advisories/30259 http://secunia.com/advisories/30479 http://secunia.com/advisories/30581 http://secunia.com/advisories/30820 http://secunia.com/advisories/32946 http://security.gentoo.org/glsa/glsa-200806-09.xml http://www.debian.org/security/2008/dsa-1591 http://www.mandri • CWE-122: Heap-based Buffer Overflow CWE-189: Numeric Errors •
CVE-2008-1420 – vorbis: integer overflow in partvals computation
https://notcve.org/view.php?id=CVE-2008-1420
Integer overflow in residue partition value (aka partvals) evaluation in Xiph.org libvorbis 1.2.0 and earlier allows remote attackers to execute arbitrary code via a crafted OGG file, which triggers a heap overflow. Desbordamiento de entero en la evaluación de valores en la partición de residuos (también conocido como partvals) en Xiph.org libvorbis 1.2.0 y versiones anteriores permite a atacantes remotos ejecutar código de su elección a través de ficheros OGG manipulados, lo cual dispara un desbordamiento heap. • http://lists.opensuse.org/opensuse-security-announce/2008-06/msg00001.html http://secunia.com/advisories/30234 http://secunia.com/advisories/30237 http://secunia.com/advisories/30247 http://secunia.com/advisories/30259 http://secunia.com/advisories/30479 http://secunia.com/advisories/30581 http://secunia.com/advisories/30820 http://secunia.com/advisories/32946 http://secunia.com/advisories/36463 http://security.gentoo.org/glsa/glsa-200806-09.xml http://www.debian.org/security • CWE-189: Numeric Errors CWE-190: Integer Overflow or Wraparound •
CVE-2008-1419 – vorbis: zero-dim codebooks can cause crash, infinite loop or heap overflow
https://notcve.org/view.php?id=CVE-2008-1419
Xiph.org libvorbis 1.2.0 and earlier does not properly handle a zero value for codebook.dim, which allows remote attackers to cause a denial of service (crash or infinite loop) or trigger an integer overflow. Xiph.org libvorbis 1.2.0 y versiones anteriores no maneja apropiadamente un valor cero de codebook.dim, lo cual permite a atacantes remotos provocar una denegación de servicio (caída o bucle infinito) o disparar un desbordamiento de entero. • http://lists.opensuse.org/opensuse-security-announce/2008-06/msg00001.html http://secunia.com/advisories/30234 http://secunia.com/advisories/30237 http://secunia.com/advisories/30247 http://secunia.com/advisories/30259 http://secunia.com/advisories/30479 http://secunia.com/advisories/30581 http://secunia.com/advisories/30820 http://secunia.com/advisories/32946 http://security.gentoo.org/glsa/glsa-200806-09.xml http://www.debian.org/security/2008/dsa-1591 http://www.mandri • CWE-20: Improper Input Validation CWE-835: Loop with Unreachable Exit Condition ('Infinite Loop') •