Rendezvous < 8.0.0 Crafted Packet Remote DoS

High Nessus Plugin ID 28376


The remote host contains an application that is prone to a denial of service attack.


The remote host appears to be running Rendezvous, a commercial messaging software product used for building distributed applications.

According to its banner, Rendezvous' rvd daemon fails to properly validate input in incoming packets before using it to allocate memory. By sending a specially crafted packet with a length field of 0, an unauthenticated, remote attacker may be able to leak memory and eventually exhaust memory on the affected system.


Upgrade to TIBCO Rendezvous version 8.0 or later, as that reportedly addresses the issue.

Plugin Details

Severity: High

ID: 28376

File Name: rendezvous_8_0_0.nasl

Version: 1.13

Type: remote

Published: 2007/12/02

Updated: 2018/07/27

Dependencies: 10107

Risk Information

Risk Factor: High

CVSS v2.0

Base Score: 7.8

Temporal Score: 5.8

Vector: CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:C

Temporal Vector: CVSS2#E:U/RL:OF/RC:C

Vulnerability Information

Exploit Available: false

Exploit Ease: No known exploits are available

Vulnerability Publication Date: 2007/07/31

Reference Information

CVE: CVE-2007-4158

BID: 25132

CWE: 399