Lucene search

[email protected]CVE-2004-0982

HistoryFeb 09, 2005 - 5:00 a.m.

CVE-2004-0982

2005-02-0905:00:00

NVD-CWE-Other

[email protected]

web.nvd.nist.gov

cve-2004-0982

buffer overflow

getauthfromurl

mpg123

remote code execution

url

mp3

nvd

7.4 High

AI Score

Confidence

Low

10 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:L/Au:N/C:C/I:C/A:C

0.037 Low

EPSS

Percentile

91.8%

JSON

Buffer overflow in the getauthfromURL function in httpget.c in mpg123 pre0.59s and mpg123 0.59r could allow remote attackers or local users to execute arbitrary code via an mp3 file that contains a long string before the @ (at sign) in a URL.

CPENameOperatorVersion
mpg123:mpg123mpg123eq0.59r
mpg123:mpg123mpg123eqpre0.59s

CPE	Name	Operator	Version
mpg123:mpg123	mpg123	eq	0.59r
mpg123:mpg123	mpg123	eq	pre0.59s

References

marc.info/?l=bugtraq&m=109834486312407&w=2

secunia.com/advisories/12908

securitytracker.com/id?1011832

www.barrossecurity.com/advisories/mpg123_getauthfromurl_bof_advisory.txt

www.debian.org/security/2004/dsa-578

www.gentoo.org/security/en/glsa/glsa-200410-27.xml

www.osvdb.org/11023

www.securityfocus.com/bid/11468

exchange.xforce.ibmcloud.com/vulnerabilities/17574

7.4 High

AI Score

Confidence

Low

10 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:L/Au:N/C:C/I:C/A:C

0.037 Low

EPSS

Percentile

91.8%

JSON

Related for CVE-2004-0982

nessus4 openvas6 cvelist2 gentoo1 freebsd1 debiancve2 osv1 debian2 ubuntucve2 cve1