Lucene search

K

[email protected]NVD:CVE-2008-4829

HistoryNov 25, 2008 - 11:30 p.m.

CVE-2008-4829

2008-11-2523:30:00

CWE-119

[email protected]

web.nvd.nist.gov

1

9.3 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:M/Au:N/C:C/I:C/A:C

7.6 High

AI Score

Confidence

Low

0.141 Low

EPSS

Percentile

95.7%

Multiple buffer overflows in lib/http.c in Streamripper 1.63.5 allow remote attackers to execute arbitrary code via (1) a long “Zwitterion v” HTTP header, related to the http_parse_sc_header function; (2) a crafted pls playlist with a long entry, related to the http_get_pls function; or (3) a crafted m3u playlist with a long File entry, related to the http_get_m3u function.

Affected configurations

NVD

Node

streamripperstreamripperMatch1.63.5

References

secunia.com/advisories/32562

secunia.com/advisories/33052

secunia.com/advisories/33061

secunia.com/secunia_research/2008-50/

securityreason.com/securityalert/4647

www.debian.org/security/2008/dsa-1683

www.osvdb.org/49997

www.securityfocus.com/archive/1/498486/100/0/threaded

www.securityfocus.com/bid/32356

www.vupen.com/english/advisories/2008/3207

9.3 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:M/Au:N/C:C/I:C/A:C

7.6 High

AI Score

Confidence

Low

0.141 Low

EPSS

Percentile

95.7%

Related for NVD:CVE-2008-4829

nessus3 ubuntucve1 securityvulns2 seebug1 freebsd1 gentoo1 openvas10 cvelist1 cve1 debiancve1 prion1 osv1 debian1