Lucene search

K

PRIOn knowledge basePRION:CVE-2009-0490

HistoryFeb 10, 2009 - 1:30 a.m.

Stack overflow

2009-02-1001:30:00

PRIOn knowledge base

www.prio-n.com

4

8.6 High

AI Score

Confidence

High

9.3 High

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:M/Au:N/C:C/I:C/A:C

0.069 Low

EPSS

Percentile

93.7%

Stack-based buffer overflow in the String_parse::get_nonspace_quoted function in lib-src/allegro/strparse.cpp in Audacity 1.2.6 and other versions before 1.3.6 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a .gro file containing a long string.

CPENameOperatorVersion
audacitylt1.3.6

References

bugs.gentoo.org/show_bug.cgi?id=253493

lists.opensuse.org/opensuse-security-announce/2009-02/msg00002.html

n2.nabble.com/Audacity-%22String_parse::get_nonspace_quoted()%22-Buffer-Overflow-td2139537.html

osvdb.org/51070

secunia.com/advisories/33356

www.securityfocus.com/bid/33090

www.vupen.com/english/advisories/2009/0008

www.exploit-db.com/exploits/7634

8.6 High

AI Score

Confidence

High

9.3 High

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:M/Au:N/C:C/I:C/A:C

0.069 Low

EPSS

Percentile

93.7%

Related for PRION:CVE-2009-0490

securityvulns2 openvas11 nessus5 gentoo1 cvelist1 cve1 debiancve1 ubuntucve1