Lucene search

[email protected]CVE-2006-0474

HistoryJan 31, 2006 - 11:03 a.m.

CVE-2006-0474

2006-01-3111:03:00

NVD-CWE-Other

[email protected]

web.nvd.nist.gov

cve-2006-0474

shareaza

integer overflows

remote code execution

nvd

8.2 High

AI Score

Confidence

High

7.5 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

0.095 Low

EPSS

Percentile

94.7%

JSON

Multiple integer overflows in Shareaza 2.2.1.0 allow remote attackers to execute arbitrary code via (1) a large packet length field, which causes an overflow in the ReadBuffer function in (a) BTPacket.cpp and (b) EDPacket.cpp, or (2) a large packet, which causes a heap-based overflow in the Write function in © Packet.h.

CPENameOperatorVersion
shareaza:shareazashareazaeq2.2.1.0

CPE	Name	Operator	Version
shareaza:shareaza	shareaza	eq	2.2.1.0

References

archives.neohapsis.com/archives/fulldisclosure/2006-01/0887.html

cvs.sourceforge.net/viewcvs.py/shareaza/shareaza/BTPacket.cpp?r1=1.5&r2=1.5.4.1

cvs.sourceforge.net/viewcvs.py/shareaza/shareaza/EDPacket.cpp?r1=1.15&r2=1.15.2.1

securityreason.com/securityalert/382

www.hustlelabs.com/shareaza_advisory.pdf

www.securityfocus.com/archive/1/423293/100/0/threaded

www.securityfocus.com/bid/16399

exchange.xforce.ibmcloud.com/vulnerabilities/24342

exchange.xforce.ibmcloud.com/vulnerabilities/24343

exchange.xforce.ibmcloud.com/vulnerabilities/24344

8.2 High

AI Score

Confidence

High

7.5 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

0.095 Low

EPSS

Percentile

94.7%

JSON

Related for CVE-2006-0474

kaspersky1 prion1