CVE-2008-5714 | Vulnerability Database | Aqua Security

Off-by-one error in monitor.c in Qemu 0.9.1 might make it easier for remote attackers to guess the VNC password, which is limited to seven characters where eight was intended.

Affected Software

Name	Vendor	Start Version	End Version
Qemu	Qemu	0.9.1 (including)	0.9.1 (including)

References

http://lists.gnu.org/archive/html/qemu-devel/2008-11/msg01224.html
http://lists.gnu.org/archive/html/qemu-devel/2008-12/msg00498.html
http://lists.opensuse.org/opensuse-security-announce/2009-01/msg00004.html
http://lists.opensuse.org/opensuse-security-announce/2009-04/msg00003.html
http://secunia.com/advisories/33568
http://secunia.com/advisories/34642
http://secunia.com/advisories/35062
http://svn.savannah.gnu.org/viewvc/?view=rev\u0026root=qemu\u0026revision=5966
http://svn.savannah.gnu.org/viewvc/trunk/monitor.c?root=qemu\u0026r1=5966\u0026r2=5965\u0026pathrev=5966
http://www.securityfocus.com/bid/33020
http://www.ubuntu.com/usn/usn-776-1
https://exchange.xforce.ibmcloud.com/vulnerabilities/47683

NVD	https://nvd.nist.gov/vuln/detail/CVE-2008-5714
CWE	https://cwe.mitre.org/data/definitions/189.html