CVE-2008-0638

CWE-119 — Buffer Overflow7 documents4 sources

Severity

9.3CRITICAL

EPSS

20.2%

top 4.50%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Symantec Veritas Storage Foundation

Timeline

PublishedFeb 21

Latest updateMay 1

Description

Heap-based buffer overflow in the Veritas Enterprise Administrator (VEA) service (aka vxsvc.exe) in Symantec Veritas Storage Foundation 5.0 allows remote attackers to execute arbitrary code via a packet with a crafted value of a certain size field, which is not checked for consistency with the actual buffer size.

CVSS vector

AV:N/AC:M/C:C/I:C/A:CExploitability: 8.6 | Impact: 10.0

Affected Packages1 packages

▶NVDsymantec/veritas_storage_foundation5.0

Patches

Patch: www.securityfocus.com ↗Patch: www.symantec.com ↗Patch: www.securityfocus.com ↗

🔴Vulnerability Details

GHSA

GHSA-95r5-99mc-hv7q: Heap-based buffer overflow in the Veritas Enterprise Administrator (VEA) service (aka vxsvc↗2022-05-01

▶

CVEList

CVE-2008-0638: Heap-based buffer overflow in the Veritas Enterprise Administrator (VEA) service (aka vxsvc↗2008-02-21

▶

💬Community

Bugzilla

CVE-2008-3108 Security Vulnerability with JRE fonts processing may allow Elevation of Privileges (6450319)↗2008-07-09

▶

Bugzilla

CVE-2008-3112 Java Web Start, arbitrary file creation (6703909)↗2008-07-09

▶

Bugzilla

CVE-2008-3113 Java Web Start arbitrary file creation/deletion file with user permissions (6704077)↗2008-07-09

▶

Bugzilla

CVE-2008-3114 Java Web Start, untrusted application may determine Cache Location (6704074)↗2008-07-09

▶