Lucene search

[email protected]CVE-2009-1351

HistoryApr 21, 2009 - 4:24 p.m.

CVE-2009-1351

2009-04-2116:24:52

CWE-119

[email protected]

web.nvd.nist.gov

cve-2009-1351

apollo 37zz

buffer overflow

denial of service

code execution

.m3u file

security vulnerability

9.3 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:M/Au:N/C:C/I:C/A:C

8.4 High

AI Score

Confidence

High

0.062 Low

EPSS

Percentile

93.6%

JSON

Heap-based buffer overflow in Apollo 37zz allows remote attackers to cause a denial of service (application crash) and possibly execute arbitrary code via a long URI in a playlist (.m3u) file.

Affected configurations

NVD

Node

heikki_ylinenapolloMatch37zz

CPENameOperatorVersion
heikki_ylinen:apolloheikki ylinen apolloeq37zz

CPE	Name	Operator	Version
heikki_ylinen:apollo	heikki ylinen apollo	eq	37zz

References

osvdb.org/53770

secunia.com/advisories/34050

www.securityfocus.com/bid/34554

www.exploit-db.com/exploits/8451

9.3 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:M/Au:N/C:C/I:C/A:C

8.4 High

AI Score

Confidence

High

0.062 Low

EPSS

Percentile

93.6%

JSON

Related for CVE-2009-1351

cvelist1 nvd1 prion1