{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "datePublic": "2008-05-29T00:00:00", "descriptions": [{"lang": "en", "value": "The PartsBatch class in Pan 0.132 and earlier does not properly manage the data structures for Parts batches, which allows remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via a crafted .nzb file that triggers a heap-based buffer overflow."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2017-08-07T12:57:01", "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "shortName": "redhat"}, "references": [{"name": "29421", "tags": ["vdb-entry", "x_refsource_BID"], "url": "http://www.securityfocus.com/bid/29421"}, {"name": "GLSA-200807-15", "tags": ["vendor-advisory", "x_refsource_GENTOO"], "url": "http://security.gentoo.org/glsa/glsa-200807-15.xml"}, {"name": "MDVSA-2008:201", "tags": ["vendor-advisory", "x_refsource_MANDRIVA"], "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2008:201"}, {"tags": ["x_refsource_CONFIRM"], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=446902"}, {"name": "31315", "tags": ["third-party-advisory", "x_refsource_SECUNIA"], "url": "http://secunia.com/advisories/31315"}, {"name": "pan-nzb-bo(42750)", "tags": ["vdb-entry", "x_refsource_XF"], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/42750"}, {"tags": ["x_refsource_CONFIRM"], "url": "http://bugs.gentoo.org/show_bug.cgi?id=224051"}, {"tags": ["x_refsource_CONFIRM"], "url": "http://bugzilla.gnome.org/show_bug.cgi?id=535413"}, {"name": "[oss-security] 20080529 CVE-2008-2363: pan - heap overflow", "tags": ["mailing-list", "x_refsource_MLIST"], "url": "http://marc.info/?l=oss-security&m=121207185600564&w=2"}, {"name": "SUSE-SR:2008:013", "tags": ["vendor-advisory", "x_refsource_SUSE"], "url": "http://www.novell.com/linux/security/advisories/2008_13_sr.html"}, {"name": "30717", "tags": ["third-party-advisory", "x_refsource_SECUNIA"], "url": "http://secunia.com/advisories/30717"}]}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-07T08:58:01.878Z"}, "title": "CVE Program Container", "references": [{"name": "29421", "tags": ["vdb-entry", "x_refsource_BID", "x_transferred"], "url": "http://www.securityfocus.com/bid/29421"}, {"name": "GLSA-200807-15", "tags": ["vendor-advisory", "x_refsource_GENTOO", "x_transferred"], "url": "http://security.gentoo.org/glsa/glsa-200807-15.xml"}, {"name": "MDVSA-2008:201", "tags": ["vendor-advisory", "x_refsource_MANDRIVA", "x_transferred"], "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2008:201"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=446902"}, {"name": "31315", "tags": ["third-party-advisory", "x_refsource_SECUNIA", "x_transferred"], "url": "http://secunia.com/advisories/31315"}, {"name": "pan-nzb-bo(42750)", "tags": ["vdb-entry", "x_refsource_XF", "x_transferred"], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/42750"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "http://bugs.gentoo.org/show_bug.cgi?id=224051"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "http://bugzilla.gnome.org/show_bug.cgi?id=535413"}, {"name": "[oss-security] 20080529 CVE-2008-2363: pan - heap overflow", "tags": ["mailing-list", "x_refsource_MLIST", "x_transferred"], "url": "http://marc.info/?l=oss-security&m=121207185600564&w=2"}, {"name": "SUSE-SR:2008:013", "tags": ["vendor-advisory", "x_refsource_SUSE", "x_transferred"], "url": "http://www.novell.com/linux/security/advisories/2008_13_sr.html"}, {"name": "30717", "tags": ["third-party-advisory", "x_refsource_SECUNIA", "x_transferred"], "url": "http://secunia.com/advisories/30717"}]}]}, "cveMetadata": {"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "assignerShortName": "redhat", "cveId": "CVE-2008-2363", "datePublished": "2008-06-02T14:00:00", "dateReserved": "2008-05-21T00:00:00", "dateUpdated": "2024-08-07T08:58:01.878Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:pan:pan:*:*:*:*:*:*:*:*", "matchCriteriaId": "8C0BCC82-DE99-4C9D-A165-9FBD7DE3148D", "versionEndIncluding": "0.132", "vulnerable": true}, {"criteria": "cpe:2.3:a:pan:pan:0.105:*:*:*:*:*:*:*", "matchCriteriaId": "4C2DEFDB-0430-4A24-9410-5AA5A8D6E6F1", "vulnerable": true}, {"criteria": "cpe:2.3:a:pan:pan:0.106:*:*:*:*:*:*:*", "matchCriteriaId": "D56435AD-8216-401A-8F2F-86DA27BFE7DD", "vulnerable": true}, {"criteria": "cpe:2.3:a:pan:pan:0.107:*:*:*:*:*:*:*", "matchCriteriaId": "7D96A12C-3BAB-47CB-88FB-F15AC0F078BD", "vulnerable": true}, {"criteria": "cpe:2.3:a:pan:pan:0.108:*:*:*:*:*:*:*", "matchCriteriaId": "1C0A4FC9-28B9-4562-8FD3-7399A75BC38B", "vulnerable": true}, {"criteria": "cpe:2.3:a:pan:pan:0.109:*:*:*:*:*:*:*", "matchCriteriaId": "F8177221-6E52-4B0B-A521-DCD522120CA8", "vulnerable": true}, {"criteria": "cpe:2.3:a:pan:pan:0.110:*:*:*:*:*:*:*", "matchCriteriaId": "7D658A45-3886-429C-B8BC-F36DD5247D83", "vulnerable": true}, {"criteria": "cpe:2.3:a:pan:pan:0.111:*:*:*:*:*:*:*", "matchCriteriaId": "FBD5C3F5-D748-47A3-8471-18491EAB0852", "vulnerable": true}, {"criteria": "cpe:2.3:a:pan:pan:0.112:*:*:*:*:*:*:*", "matchCriteriaId": "E1F1444F-8290-4589-B37A-411D024740C8", "vulnerable": true}, {"criteria": "cpe:2.3:a:pan:pan:0.113:*:*:*:*:*:*:*", "matchCriteriaId": "C48373A9-FFF9-46C0-9A0F-E180DAFEE7E3", "vulnerable": true}, {"criteria": "cpe:2.3:a:pan:pan:0.114:*:*:*:*:*:*:*", "matchCriteriaId": "BDDF3558-EE2F-4710-B8A0-E38C686474BA", "vulnerable": true}, {"criteria": "cpe:2.3:a:pan:pan:0.115:*:*:*:*:*:*:*", "matchCriteriaId": "06B19920-0911-4078-A646-517AA8F4C933", "vulnerable": true}, {"criteria": "cpe:2.3:a:pan:pan:0.116:*:*:*:*:*:*:*", "matchCriteriaId": "B6FA1ED5-1252-4711-8244-2D1E6800147C", "vulnerable": true}, {"criteria": "cpe:2.3:a:pan:pan:0.117:*:*:*:*:*:*:*", "matchCriteriaId": "062159F1-4094-4355-8EAB-9BECD1F469AD", "vulnerable": true}, {"criteria": "cpe:2.3:a:pan:pan:0.118:*:*:*:*:*:*:*", "matchCriteriaId": "951B12B7-7313-4200-AB5D-F70065502722", "vulnerable": true}, {"criteria": "cpe:2.3:a:pan:pan:0.119:*:*:*:*:*:*:*", "matchCriteriaId": "4DD8557F-4FAD-4EEC-9EC3-041BBE437E2D", "vulnerable": true}, {"criteria": "cpe:2.3:a:pan:pan:0.120:*:*:*:*:*:*:*", "matchCriteriaId": "97B76EC9-B238-42E4-90CE-F35F039B782F", "vulnerable": true}, {"criteria": "cpe:2.3:a:pan:pan:0.121:*:*:*:*:*:*:*", "matchCriteriaId": "08FC4F0B-B92E-4C9E-8DA9-4B5782C2359B", "vulnerable": true}, {"criteria": "cpe:2.3:a:pan:pan:0.122:*:*:*:*:*:*:*", "matchCriteriaId": "B8901478-3413-43E7-A21E-28F920E12B2E", "vulnerable": true}, {"criteria": "cpe:2.3:a:pan:pan:0.123:*:*:*:*:*:*:*", "matchCriteriaId": "8D185E00-F55D-4101-9952-D35D49B15ECB", "vulnerable": true}, {"criteria": "cpe:2.3:a:pan:pan:0.124:*:*:*:*:*:*:*", "matchCriteriaId": "D878570C-D363-4E37-8581-A76DC5DBB370", "vulnerable": true}, {"criteria": "cpe:2.3:a:pan:pan:0.125:*:*:*:*:*:*:*", "matchCriteriaId": "515419E8-50F6-454D-8224-9EE4CEA40ED9", "vulnerable": true}, {"criteria": "cpe:2.3:a:pan:pan:0.126:*:*:*:*:*:*:*", "matchCriteriaId": "DA214133-C80D-47AA-B8AC-F79FB2BE6779", "vulnerable": true}, {"criteria": "cpe:2.3:a:pan:pan:0.127:*:*:*:*:*:*:*", "matchCriteriaId": "43BEFDEE-C200-48BF-94D2-B74070178546", "vulnerable": true}, {"criteria": "cpe:2.3:a:pan:pan:0.128:*:*:*:*:*:*:*", "matchCriteriaId": "868189F7-3A9C-4318-84E4-6F455AB99E6A", "vulnerable": true}, {"criteria": "cpe:2.3:a:pan:pan:0.129:*:*:*:*:*:*:*", "matchCriteriaId": "709FCD8C-F8CC-4604-8ED2-DCBDC7CE59E2", "vulnerable": true}, {"criteria": "cpe:2.3:a:pan:pan:0.130:*:*:*:*:*:*:*", "matchCriteriaId": "B982CC3C-90D7-4F62-A6D3-990F3C33D7AF", "vulnerable": true}, {"criteria": "cpe:2.3:a:pan:pan:0.131:*:*:*:*:*:*:*", "matchCriteriaId": "D58629D2-E6B3-462E-8C0C-C8307EE85835", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "The PartsBatch class in Pan 0.132 and earlier does not properly manage the data structures for Parts batches, which allows remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via a crafted .nzb file that triggers a heap-based buffer overflow."}, {"lang": "es", "value": "La clase PartsBatch en Pan versi\u00f3n 0.132 y anteriores, no gestiona apropiadamente las estructuras de datos para lotes de Parts, lo que permite a los atacantes remotos causar una denegaci\u00f3n de servicio (bloqueo de aplicaci\u00f3n) y posiblemente ejecutar c\u00f3digo arbitrario por medio de un archivo .nzb dise\u00f1ado que activa un desbordamiento de b\u00fafer en la regi\u00f3n heap de la memoria."}], "id": "CVE-2008-2363", "lastModified": "2025-04-09T00:30:58.490", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": {"accessComplexity": "MEDIUM", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "COMPLETE", "baseScore": 9.3, "confidentialityImpact": "COMPLETE", "integrityImpact": "COMPLETE", "vectorString": "AV:N/AC:M/Au:N/C:C/I:C/A:C", "version": "2.0"}, "exploitabilityScore": 8.6, "impactScore": 10.0, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": true}]}, "published": "2008-06-02T21:30:00.000", "references": [{"source": "secalert@redhat.com", "tags": ["Patch"], "url": "http://bugs.gentoo.org/show_bug.cgi?id=224051"}, {"source": "secalert@redhat.com", "tags": ["Patch"], "url": "http://bugzilla.gnome.org/show_bug.cgi?id=535413"}, {"source": "secalert@redhat.com", "tags": ["Patch"], "url": "http://marc.info/?l=oss-security&m=121207185600564&w=2"}, {"source": "secalert@redhat.com", "tags": ["Vendor Advisory"], "url": "http://secunia.com/advisories/30717"}, {"source": "secalert@redhat.com", "tags": ["Vendor Advisory"], "url": "http://secunia.com/advisories/31315"}, {"source": "secalert@redhat.com", "url": "http://security.gentoo.org/glsa/glsa-200807-15.xml"}, {"source": "secalert@redhat.com", "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2008:201"}, {"source": "secalert@redhat.com", "url": "http://www.novell.com/linux/security/advisories/2008_13_sr.html"}, {"source": "secalert@redhat.com", "tags": ["Patch"], "url": "http://www.securityfocus.com/bid/29421"}, {"source": "secalert@redhat.com", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=446902"}, {"source": "secalert@redhat.com", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/42750"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Patch"], "url": "http://bugs.gentoo.org/show_bug.cgi?id=224051"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Patch"], "url": "http://bugzilla.gnome.org/show_bug.cgi?id=535413"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Patch"], "url": "http://marc.info/?l=oss-security&m=121207185600564&w=2"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Vendor Advisory"], "url": "http://secunia.com/advisories/30717"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Vendor Advisory"], "url": "http://secunia.com/advisories/31315"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://security.gentoo.org/glsa/glsa-200807-15.xml"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.mandriva.com/security/advisories?name=MDVSA-2008:201"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.novell.com/linux/security/advisories/2008_13_sr.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Patch"], "url": "http://www.securityfocus.com/bid/29421"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=446902"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/42750"}], "sourceIdentifier": "secalert@redhat.com", "vendorComments": [{"comment": "Not vulnerable. This issue did not affect the versions of pan as shipped with Red Hat Enterprise Linux 2.1. No other versions of Red Hat Enterprise Linux have shipped Pan.", "lastModified": "2008-06-03T00:00:00", "organization": "Red Hat"}], "vulnStatus": "Deferred", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-119"}], "source": "nvd@nist.gov", "type": "Primary"}]}

{}