header-logo
Suggest Exploit
vendor:
Ventrilo
by:
milw0rm.com
7.5
CVSS
HIGH
NULL pointer dereference
476
CWE
Product Name: Ventrilo
Affected Version From: 3.0.2
Affected Version To: 3.0.2
Patch Exists: YES
Related CWE: N/A
CPE: a:ventrilo:ventrilo:3.0.2
Metasploit: N/A
Other Scripts: N/A
Tags: N/A
CVSS Metrics: N/A
Nuclei References: N/A
Nuclei Metadata: N/A
Platforms Tested: Windows
2008

NULL pointer in Ventrilo 3.0.2

A NULL pointer dereference vulnerability exists in Ventrilo 3.0.2. An attacker can exploit this vulnerability to cause a denial of service condition. The vulnerability is due to a lack of proper validation of user-supplied input when handling a packet with an opcode of 0x0A. By sending a specially crafted packet with an opcode of 0x0A, an attacker can cause a NULL pointer dereference, resulting in a denial of service condition.

Mitigation:

Upgrade to the latest version of Ventrilo 3.0.2 or later.
Source

Exploit-DB raw data:

NULL pointer in Ventrilo 3.0.2

https://gitlab.com/exploit-database/exploitdb-bin-sploits/-/raw/main/bin-sploits/6237.zip (2008-ventrilobotomy.zip)

# milw0rm.com [2008-08-13]

Navigation

Suggest Exploit

Services By CQR