CVE-2007-4535 - Remote vulnerability in Vavoom

CVSS 4.3 - MEDIUM
Attack vector: NETWORK
Attack complexity: MEDIUM
Privileges required: NONE
Confidentiality impact: NONE
Integrity impact: NONE
Availability impact: PARTIAL
network
vavoom
nessus
exploit available

Summary

The VStr::Resize function in str.cpp in Vavoom 1.24 and earlier allows remote attackers to cause a denial of service (daemon crash) via a string with a negative NewLen value within a certain UDP packet that triggers an assertion error.

Vulnerable Configurations

Part | Description | Count
Application | Vavoom | 1

Exploit-Db

description: Vavoom 1.24 str.cpp VStr::Resize Function Crafted UDP Packet Remote DoS. CVE-2007-4535. Dos exploits for multiple platform
id: EDB-ID:30527
last seen: 2016-02-03
modified: 2007-08-24
published: 2007-08-24
reporter: Luigi Auriemma
source: https://www.exploit-db.com/download/30527/
title: Vavoom 1.24 str.cpp VStr::Resize Function Crafted UDP Packet Remote DoS

Nessus

NASL family: Fedora Local Security Checks
NASL id: FEDORA_2007-1977.NASL
description: Security update fixing various format strings vulnerabilities and a DOS vulnerability in the vavoom server, this fixes: CVE-2007-4533, CVE-2007-4534 & CVE-2007-4535. Also see bugzilla bug 256621. Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
last seen: 2020-06-01
modified: 2020-06-02
plugin id: 27741
published: 2007-11-06
reporter: This script is Copyright (C) 2007-2019 Tenable Network Security, Inc.
source: https://www.tenable.com/plugins/nessus/27741
title: Fedora 7 : vavoom-1.24-3.fc7 (2007-1977)