Launchpad CVE tracker

CVE 2008-2363

The PartsBatch class in Pan 0.132 and earlier does not properly manage the data structures for Parts batches, which allows remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via a crafted .nzb file that triggers a heap-based buffer overflow.

Related bugs and status

CVE-2008-2363 (Candidate) is related to these bugs:

Bug #235747: Buffer Overflow in Pan

		In	Importance	Status
235747	Buffer Overflow in Pan	pan (Ubuntu)	Low	Confirmed
235747	Buffer Overflow in Pan	pan (Debian)	Unknown	Fix Released
235747	Buffer Overflow in Pan	pan (Fedora)	Unknown	Confirmed

Bug #238089: [CVE-2008-2363] Heap overflow in PartsBatch class via .nzb files

		In	Importance	Status
238089	[CVE-2008-2363] Heap overflow in PartsBatch class via .nzb files	pan (Ubuntu)	Low	Fix Released
238089	[CVE-2008-2363] Heap overflow in PartsBatch class via .nzb files	pan	Critical	Fix Released
238089	[CVE-2008-2363] Heap overflow in PartsBatch class via .nzb files	pan (Gentoo Linux)	Medium	Fix Released
238089	[CVE-2008-2363] Heap overflow in PartsBatch class via .nzb files	pan (Fedora)	High	Fix Released
238089	[CVE-2008-2363] Heap overflow in PartsBatch class via .nzb files	pan (Ubuntu Hardy)	Undecided	Fix Released
238089	[CVE-2008-2363] Heap overflow in PartsBatch class via .nzb files	pan (Ubuntu Intrepid)	Undecided	Fix Released
238089	[CVE-2008-2363] Heap overflow in PartsBatch class via .nzb files	pan (Ubuntu Karmic)	Low	Fix Released
238089	[CVE-2008-2363] Heap overflow in PartsBatch class via .nzb files	pan (Ubuntu Jaunty)	Undecided	Fix Released

See the

CVE page on Mitre.org for more details.

Launchpad.net

CVE 2008-2363

References