CVE-2008-5714

high

Description

Off-by-one error in monitor.c in Qemu 0.9.1 might make it easier for remote attackers to guess the VNC password, which is limited to seven characters where eight was intended.

References

https://exchange.xforce.ibmcloud.com/vulnerabilities/47683

http://www.ubuntu.com/usn/usn-776-1

http://www.securityfocus.com/bid/33020

http://svn.savannah.gnu.org/viewvc/trunk/monitor.c?root=qemu&r1=5966&r2=5965&pathrev=5966

http://svn.savannah.gnu.org/viewvc/?view=rev&root=qemu&revision=5966

http://secunia.com/advisories/35062

http://secunia.com/advisories/34642

http://secunia.com/advisories/33568

http://lists.opensuse.org/opensuse-security-announce/2009-04/msg00003.html

http://lists.opensuse.org/opensuse-security-announce/2009-01/msg00004.html

http://lists.gnu.org/archive/html/qemu-devel/2008-12/msg00498.html

http://lists.gnu.org/archive/html/qemu-devel/2008-11/msg01224.html

Details

Source: Mitre, NVD

Published: 2008-12-24

Updated: 2017-08-08

Risk Information

CVSS v2

Base Score: 7.8

Vector: CVSS2#AV:N/AC:L/Au:N/C:C/I:N/A:N

Severity: High

CVSS v3

Base Score: 7.5

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N