
CVE-2006-3355

Published: 06/07/2006 | Updated: 05/09/2008
CVSS v2 Base Score: 7.5 | Impact Score: 6.4 | Exploitability Score: 10
VMScore: 755
Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P

Vulnerability Summary

Heap-based buffer overflow in httpdget.c in mpg123 prior to 0.59s-rll allows remote malicious users to execute arbitrary code via a long URL, which is not properly terminated before being used with the strncpy function. NOTE: This appears to be the result of an incomplete patch for CVE-2004-0982.

Vulnerable Product

mpg123 mpg123 pre0.59s_r11

Vendor Advisories

Debian Bug report logs - #377264
mpg123 heap overflow in httpget.c
Package: mpg123; Maintainer for mpg123 is Debian Multimedia Maintainers <debian-multimedia@lists.debian.org>; Source for mpg123 is src:mpg123
Reported by: Horst Schirmeier <horst@schirmeier.com>
Date: Fri, 7 Jul 2006 17:48:01 UT ...

Exploits

source: www.securityfocus.com/bid/18794/info

The mpg123 application is prone to a remote buffer-overflow vulnerability because it fails to properly bounds-check user-supplied input before copying it to an insufficiently sized memory buffer. This issue may allow remote attackers to execute arbitrary machine code in the context of the affect ...