Denial of Service Vulnerability in Perforce Server by Perforce
CVE-2008-1338

Currently unrated

Key Information:

Vendor: Perforce
Status: Perforce Server
Vendor: CVE Published:; 14 March 2008

What is CVE-2008-1338?

The Perforce Server is susceptible to a Denial of Service attack due to a flaw in the p4s.exe service. Attackers can exploit this vulnerability by issuing a server-DiffFile command with a specific integer value, triggering a loop that exhausts system memory, ultimately causing the server to crash. This allows remote attackers to disrupt service availability, posing significant risks to operational continuity.

References

http://aluigi.org/poc/perforces.zip

x_refsource_MISC

http://www.securityfocus.com/bid/28108

vdb-entryx_refsource_BID

http://www.securityfocus.com/archive/1/489179/100/0/threaded

mailing-listx_refsource_BUGTRAQ

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Mar 14, 2008
Vulnerability Reserved
Mar 14, 2008