Lucene search

[email protected]CVE-2008-4829

HistoryNov 25, 2008 - 11:30 p.m.

CVE-2008-4829

2008-11-2523:30:00

CWE-119

[email protected]

web.nvd.nist.gov

cve-2008-4829

buffer overflows

remote code execution

streamripper

http headers

playlists

7.4 High

AI Score

Confidence

Low

9.3 High

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:M/Au:N/C:C/I:C/A:C

0.141 Low

EPSS

Percentile

95.7%

JSON

Multiple buffer overflows in lib/http.c in Streamripper 1.63.5 allow remote attackers to execute arbitrary code via (1) a long “Zwitterion v” HTTP header, related to the http_parse_sc_header function; (2) a crafted pls playlist with a long entry, related to the http_get_pls function; or (3) a crafted m3u playlist with a long File entry, related to the http_get_m3u function.

CPENameOperatorVersion
streamripper:streamripperstreamrippereq1.63.5

CPE	Name	Operator	Version
streamripper:streamripper	streamripper	eq	1.63.5

References

secunia.com/advisories/32562

secunia.com/advisories/33052

secunia.com/advisories/33061

secunia.com/secunia_research/2008-50/

securityreason.com/securityalert/4647

www.debian.org/security/2008/dsa-1683

www.osvdb.org/49997

www.securityfocus.com/archive/1/498486/100/0/threaded

www.securityfocus.com/bid/32356

www.vupen.com/english/advisories/2008/3207

7.4 High

AI Score

Confidence

Low

9.3 High

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:M/Au:N/C:C/I:C/A:C

0.141 Low

EPSS

Percentile

95.7%

JSON

Related for CVE-2008-4829

securityvulns2 openvas10 cvelist1 freebsd1 gentoo1 nessus3 seebug1 ubuntucve1 debiancve1 prion1 debian1 osv1