CVE-2004-0247

The client and server of Chaser 1.50 and earlier allow remote attackers to cause a denial of service (crash via exception) via a UDP packet with a length field that is greater than the actual data length, which causes Chaser to read unexpected memory.

CVSS v2.0 5.0 MEDIUM

5.0^/10

CVSS v2.0 : MEDIUM

Vector : AV:N/AC:L/Au:N/C:N/I:N/A:P

Exploitability : 10.0 / Impact : 2.9

Access Vector NETWORK

Access Complexity LOW

Authentication NONE

Confidentiality Impact NONE

Integrity Impact NONE

Availability Impact PARTIAL

References

Link	Resource
http://marc.info/?l=bugtraq&m=107584109420084&w=2
http://www.securityfocus.com/bid/9567	Exploit Vendor Advisory
https://exchange.xforce.ibmcloud.com/vulnerabilities/15031
http://marc.info/?l=bugtraq&m=107584109420084&w=2
http://www.securityfocus.com/bid/9567	Exploit Vendor Advisory
https://exchange.xforce.ibmcloud.com/vulnerabilities/15031

Configurations

Configuration 1 (hide)

OR	cpe:2.3:a:cauldron:chaser_client:1.5:::::::*
	cpe:2.3:a:cauldron:chaser_server:1.4.9:::::::*
	cpe:2.3:a:cauldron:chaser_server:1.5:::::::*

History

No history.

Information

Published : 2004-11-23 05:00

Updated : 2025-04-03 01:03

NVD link : CVE-2004-0247

Mitre link : CVE-2004-0247

CVE.ORG link : CVE-2004-0247

JSON object : View

Products Affected

cauldron

chaser_server
chaser_client

CWE

NVD-CWE-Other

{"id": "CVE-2004-0247", "cveTags": [], "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 5.0, "accessVector": "NETWORK", "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P", "authentication": "NONE", "integrityImpact": "NONE", "accessComplexity": "LOW", "availabilityImpact": "PARTIAL", "confidentialityImpact": "NONE"}, "acInsufInfo": false, "impactScore": 2.9, "baseSeverity": "MEDIUM", "obtainAllPrivilege": false, "exploitabilityScore": 10.0, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}]}, "published": "2004-11-23T05:00:00.000", "references": [{"url": "http://marc.info/?l=bugtraq&m=107584109420084&w=2", "source": "cve@mitre.org"}, {"url": "http://www.securityfocus.com/bid/9567", "tags": ["Exploit", "Vendor Advisory"], "source": "cve@mitre.org"}, {"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/15031", "source": "cve@mitre.org"}, {"url": "http://marc.info/?l=bugtraq&m=107584109420084&w=2", "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "http://www.securityfocus.com/bid/9567", "tags": ["Exploit", "Vendor Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/15031", "source": "af854a3a-2127-422b-91ae-364da2661108"}], "vulnStatus": "Deferred", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "NVD-CWE-Other"}]}], "descriptions": [{"lang": "en", "value": "The client and server of Chaser 1.50 and earlier allow remote attackers to cause a denial of service (crash via exception) via a UDP packet with a length field that is greater than the actual data length, which causes Chaser to read unexpected memory."}, {"lang": "es", "value": "El cliente y el servidor de Chaser 1.50 y anteriores permite que atacantes remotos provoquen una denegaci\u00f3n de servicio (ca\u00edda) mediante un paquete UDP con un campo de longitud que es mayor que la longitud real de los datos (lo que provoca leer memoria inexperadamente)."}], "lastModified": "2025-04-03T01:03:51.193", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:cauldron:chaser_client:1.5:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "0092E5FF-5978-4DD7-A1E3-CB9F3D640754"}, {"criteria": "cpe:2.3:a:cauldron:chaser_server:1.4.9:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "FC5912C4-EBE1-4928-BC62-2E39B4E1417F"}, {"criteria": "cpe:2.3:a:cauldron:chaser_server:1.5:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "49C5DD74-599D-4D6A-91A0-233380B00C4B"}], "operator": "OR"}]}], "sourceIdentifier": "cve@mitre.org"}