CVE-2008-6393
published 2009-03-03


Priority: P357, critical, CVSS 2.0 score 10
Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C
EXPLOIT
EPSS: 18.20% (96.8th percentile)

PSI Jabber client before 0.12.1 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a file transfer request with a negative value in a SOCKS5 option, which bypasses a signed integer check and triggers an integer overflow and a heap-based buffer overflow.

Affected

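14 ranges

| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| debian | psi | < psi 0.12.1-1 (bookworm) | psi 0.12.1-1 (bookworm) |
| psi-im | psi | <= 0.12 | |
| psi-im | psi | | |
| psi-im | psi | | |
| psi-im | psi | | |
| psi-im | psi | | |
| psi-im | psi | | |
| psi-im | psi | | |
| psi-im | psi | | |
| psi-im | psi | | |
| psi-im | psi | >= 0 < 0.12.1-1 | 0.12.1-1 |
| psi-im | psi | >= 0 < 0.12.1-1 | 0.12.1-1 |
| psi-im | psi | >= 0 < 0.12.1-1 | 0.12.1-1 |
| psi-im | psi | >= 0 < 0.12.1-1 | 0.12.1-1 |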

CVSS provenance

nvd: v2.0, 10.0 CRITICAL, AV:N/AC:L/Au:N/C:C/I:C/A:C
osv: 10.0 CRITICAL
vendor_debian: 10.0 LOW
vendor_redhat: 10.0 CRITICAL