Rendezvous < 8.0.0 Crafted Packet Remote DoS

high Nessus Plugin ID 28376


The remote host contains an application that is prone to a denial of service attack.


The remote host appears to be running Rendezvous, a commercial messaging software product used for building distributed applications.

According to its banner, Rendezvous' rvd daemon fails to properly validate input in incoming packets before using it to allocate memory. By sending a specially crafted packet with a length field of 0, an unauthenticated, remote attacker may be able to leak memory and eventually exhaust memory on the affected system.


Upgrade to TIBCO Rendezvous version 8.0 or later, as that reportedly addresses the issue.

Plugin Details

Severity: High

ID: 28376

File Name: rendezvous_8_0_0.nasl

Version: 1.14

Type: remote

Published: 12/2/2007

Updated: 9/21/2020

Supported Sensors: Nessus

Risk Information


Risk Factor: Low

Score: 3.6


Risk Factor: High

Base Score: 7.8

Temporal Score: 5.8

Vector: CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:C

Vulnerability Information

CPE: cpe:/a:tibco:rendezvous

Exploit Ease: No known exploits are available

Vulnerability Publication Date: 7/31/2007

Reference Information

CVE: CVE-2007-4158

BID: 25132

CWE: 399