CVE-2008-2654

Published Jun 13, 2008

Last updated 7 years ago

Overview

Description: Off-by-one error in the read_client function in webhttpd.c in Motion 3.2.10 and earlier might allow remote attackers to execute arbitrary code via a long request to a Motion HTTP Control interface, which triggers a stack-based buffer overflow with some combinations of processor architecture and compiler.
Source: cve@mitre.org
NVD status: Modified

Hype score: Not currently trending

Risk scores

CVSS 2.0

Type: Primary
Base score: 10
Impact score: 10
Exploitability score: 10
Vector string: AV:N/AC:L/Au:N/C:C/I:C/A:C

Weaknesses

nvd@nist.gov: CWE-189

Configurations

[
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:a:lavrsen:motion:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "2EBD0F21-2FB6-4388-AE60-6F08B7F66BB7",
            "versionEndIncluding": "3.2.10"
          },
          {
            "criteria": "cpe:2.3:a:lavrsen:motion:3.1.17:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "4D147C1E-A7CC-4C2D-A737-F8B3B385A70D"
          },
          {
            "criteria": "cpe:2.3:a:lavrsen:motion:3.1.18:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "BB41C1E0-6D13-4866-A8DC-9FC96FE963D4"
          },
          {
            "criteria": "cpe:2.3:a:lavrsen:motion:3.1.19:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "B63526C3-4163-47B5-890C-414E9C0BB30E"
          },
          {
            "criteria": "cpe:2.3:a:lavrsen:motion:3.1.20:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "D536002E-9A4F-4586-9FA9-6F30BE90885E"
          },
          {
            "criteria": "cpe:2.3:a:lavrsen:motion:3.2.1:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "E277E868-851C-4462-AB0F-E2153F0C7F09"
          },
          {
            "criteria": "cpe:2.3:a:lavrsen:motion:3.2.2:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "1910DE64-CDD2-46F8-A8AE-0FD64F7D58E7"
          },
          {
            "criteria": "cpe:2.3:a:lavrsen:motion:3.2.3:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "39EBADC9-B374-4FAD-BB32-987D03849911"
          },
          {
            "criteria": "cpe:2.3:a:lavrsen:motion:3.2.4:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "72E7C90C-A1A7-4466-AB7F-58B0A412D9C4"
          },
          {
            "criteria": "cpe:2.3:a:lavrsen:motion:3.2.5:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "28575000-61BD-4477-B16B-69BB12C91071"
          },
          {
            "criteria": "cpe:2.3:a:lavrsen:motion:3.2.6:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "0D8A1DB7-80BA-498C-9781-E60C41DA3503"
          },
          {
            "criteria": "cpe:2.3:a:lavrsen:motion:3.2.7:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "F469039A-4876-477D-8470-C4F5A5D6B70A"
          },
          {
            "criteria": "cpe:2.3:a:lavrsen:motion:3.2.8:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "F39D6ECA-E207-490F-883C-1484D8B507DB"
          },
          {
            "criteria": "cpe:2.3:a:lavrsen:motion:3.2.9:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "C24FF31B-C7B7-4030-A46F-C925142897D5"
          }
        ],
        "operator": "OR"
      }
    ]
  }
]

Overview

Social media

Risk scores

CVSS 2.0

Weaknesses

Configurations

References