Lucene search

[email protected]CVE-2006-2465

HistoryMay 19, 2006 - 10:02 a.m.

CVE-2006-2465

2006-05-1910:02:00

[email protected]

web.nvd.nist.gov

cve-2006-2465

buffer overflow

mp3info

arbitrary code execution

command line argument

vulnerability

5.1 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

HIGH

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:H/Au:N/C:P/I:P/A:P

7.7 High

AI Score

Confidence

High

0.011 Low

EPSS

Percentile

84.5%

JSON

Buffer overflow in MP3Info 0.8.4 allows attackers to execute arbitrary code via a long command line argument. NOTE: if mp3info is not installed setuid or setgid in any reasonable context, then this issue might not be a vulnerability.

Affected configurations

NVD

Node

mp3infomp3infoMatch0.8.4

CPENameOperatorVersion
mp3info:mp3infomp3infoeq0.8.4

CPE	Name	Operator	Version
mp3info:mp3info	mp3info	eq	0.8.4

References

osvdb.org/show/osvdb/30945

packetstormsecurity.com/files/124955/Mp3info-Stack-Buffer-Overflow.html

packetstormsecurity.com/files/125786/MP3Info-0.8.5-SEH-Buffer-Overflow.html

securitytracker.com/id?1016108

www.exploit-db.com/exploits/32358

www.securiteam.com/exploits/5GP0E15IKO.html

www.securityfocus.com/bid/18016

5.1 Medium

CVSS2

Attack Vector

NETWORK

Attack Complexity

HIGH

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:H/Au:N/C:P/I:P/A:P

7.7 High

AI Score

Confidence

High

0.011 Low

EPSS

Percentile

84.5%

JSON

Related for CVE-2006-2465

packetstorm1 cvelist1 nvd1 prion1 zdt1 debiancve1