CVE-2009-3676 — Infinite Loop in Microsoft Windows Server 2008
Severity
7.1 HIGH (NVD)
EPSS
56.0%
top 1.89%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
Timeline
Published: Nov 13
Latest update: May 2
Description
The SMB client in the kernel in Microsoft Windows Server 2008 R2 and Windows 7 allows remote SMB servers and man-in-the-middle attackers to cause a denial of service (infinite loop and system hang) via a (1) SMBv1 or (2) SMBv2 response packet that contains (a) an incorrect length value in a NetBIOS header or (b) an additional length field at the end of this response packet, aka "SMB Client Incomplete Response Vulnerability."
CVSS vector
AV:N/AC:M/C:N/I:N/A:C
Exploitability: 8.6 | Impact: 6.9
Affected Packages: 1 package
Patches
Vulnerability Details
GHSA (1)
GHSA-8q5p-rpfq-gjc9 (2022-05-02): The SMB client in the kernel in Microsoft Windows Server 2008 R2 and Windows 7 allows remote SMB servers and man-in-the-middle attackers to cause a de