PT-2008-2893 · Perforce · Perforce Server
Luigi Auriemma
·
Published
2008-03-12
·
Updated
2018-10-11
·
CVE-2008-1302
CVSS v2.0
5.0
Medium
| Vector | AV:N/AC:L/Au:N/C:N/I:N/A:P |
Name of the Vulnerable Software and Affected Versions
Perforce Server versions 2007.3/143793 and earlier
Description
The issue allows remote attackers to cause a denial of service, resulting in a daemon crash. This can be achieved by sending a server-DiffFile or server-ReleaseFile command with a large integer value. The large integer is used in an array initialization calculation, leading to invalid memory access.
Recommendations
For Perforce Server versions 2007.3/143793 and earlier, consider restricting access to the server-DiffFile and server-ReleaseFile commands until a fix is available. As a temporary workaround, limit the input values for these commands to prevent large integers from being processed.
Fix
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Perforce Server