CVE-2008-2363

NameCVE-2008-2363
DescriptionThe PartsBatch class in Pan 0.132 and earlier does not properly manage the data structures for Parts batches, which allows remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via a crafted .nzb file that triggers a heap-based buffer overflow.
SourceCVE (at NVD; CERT, LWN, oss-sec, fulldisc, Debian ELTS, Red Hat, Ubuntu, Gentoo, SUSE bugzilla/CVE, GitHub advisories/code/issues, web search, more)
Debian Bugs483562

Vulnerable and fixed packages

The table below lists information on source packages.

Source PackageReleaseVersionStatus
pan (PTS)bullseye0.146-2fixed
bookworm0.154-1fixed
trixie0.162-1fixed
forky, sid0.164-1fixed

The information below is based on the following data on fixed versions.

PackageTypeReleaseFixed VersionUrgencyOriginDebian Bugs
pansourceetch(not affected)
pansource(unstable)0.132-3.1483562

Notes

[etch] - pan <not-affected> (Vulnerable code not added until 0.130)
see http://svn.gnome.org/viewvc/pan2/trunk/pan/data/parts.cc?view=log&pathrev=286
Search for package or bug name: Reporting problems