CyberSec.Space Logo
Back to CVE Browser

CVE-2008-1338

HIGH
7.8
CVSS Severity Score
EPSS Score0.1370%
EPSS Percentile9.44th
PublishedMar 14, 2008
Last ModifiedApr 23, 2026

Vulnerability Description

The Perforce service (p4s.exe) in Perforce Server 2007.3/143793 and earlier allows remote attackers to cause a denial of service (daemon crash) via a server-DiffFile command with an integer value within a certain range, which causes a loop until all memory is exhausted.

Affected Platforms (CPE)

πŸ“¦
Perforce

Perforce Server

<= 2007.3_143793

References & Advisories

πŸ”— http://aluigi.altervista.org/adv/perforces-adv.txt
πŸ”— http://aluigi.org/poc/perforces.zip
πŸ”— http://secunia.com/advisories/29231
πŸ”— http://securityreason.com/securityalert/3735
πŸ”— http://www.securityfocus.com/archive/1/489179/100/0/threaded
πŸ”— http://www.securityfocus.com/bid/28108
πŸ”— https://exchange.xforce.ibmcloud.com/vulnerabilities/41017
πŸ”— https://exchange.xforce.ibmcloud.com/vulnerabilities/41361

Related Vulnerabilities

CVE-2007-010010.0

The Perforce client does not restrict the set of files that it overwrites upon receiving a request from the server, which allows r...

CVE-2010-09347.1

The triggers functionality in Perforce Server 2008.1 allows remote authenticated users with super privileges to execute arbitrary ...

CVE-2021-216557.1

A cross-site request forgery (CSRF) vulnerability in Jenkins P4 Plugin 1.11.4 and earlier allows attackers to connect to an attack...

CVE-2010-09336.8

Directory traversal vulnerability in Perforce Server 2008.1 allows remote authenticated users to create arbitrary files via a .. (...