CVE-2008-1302

Name of the Vulnerable Software and Affected Versions Perforce Server versions 2007.3/143793 and earlier

Description The issue allows remote attackers to cause a denial of service, resulting in a daemon crash. This can be achieved by sending a server-DiffFile or server-ReleaseFile command with a large integer value. The large integer is used in an array initialization calculation, leading to invalid memory access.

Recommendations For Perforce Server versions 2007.3/143793 and earlier, consider restricting access to the server-DiffFile and server-ReleaseFile commands until a fix is available. As a temporary workaround, limit the input values for these commands to prevent large integers from being processed.