Vulmon Recent Vulnerabilities Research Posts Trends Blog About Contact
7.8
CVSSv2

CVE-2007-1804

Published: 02/04/2007 Updated: 29/07/2017
CVSS v2 Base Score: 7.8 | Impact Score: 6.9 | Exploitability Score: 10
VMScore: 785
Vector: AV:N/AC:L/Au:N/C:N/I:N/A:C
Subscribe to Pulseaudio

Vulnerability Summary

PulseAudio 0.9.5 allows remote malicious users to cause a denial of service (daemon crash) via (1) a PA_PSTREAM_DESCRIPTOR_LENGTH value of FRAME_SIZE_MAX_ALLOW sent on TCP port 9875, which triggers a p->export assertion failure in do_read; (2) a PA_PSTREAM_DESCRIPTOR_LENGTH value of 0 sent on TCP port 9875, which triggers a length assertion failure in pa_memblock_new; or (3) an empty packet on UDP port 9875, which triggers a t assertion failure in pa_sdp_parse; and allows remote authenticated users to cause a denial of service (daemon crash) via a crafted packet on TCP port 9875 that (4) triggers a maxlength assertion failure in pa_memblockq_new, (5) triggers a size assertion failure in pa_xmalloc, or (6) plays a certain sound file.

Vulnerable Product Search on Vulmon Subscribe to Product

pulseaudio pulseaudio 0.9.5

Vendor Advisories

Ubuntu Security Notice: pulseaudio vulnerability
Luigi Auriemma discovered multiple flaws in pulseaudio’s network processing code If an unauthenticated attacker sent specially crafted requests to the pulseaudio daemon, it would crash, resulting in a denial of service ...

Exploits

Exploit DB: PulseAudio 0.9.5 - 'Assert()' Remote Denial of Service
source: wwwsecurityfocuscom/bid/23240/info PulseAudio is prone to a remote denial-of-service vulnerability Exploiting this issue allows remote attackers to consume excessive system resources until the software becomes unresponsive to further calls, effectively denying service to legitimate users PulseAudio 095 is vulnerable to this ...

References

NVD-CWE-Otherhttp://aluigi.altervista.org/adv/pulsex-adv.txthttp://aluigi.org/poc/pulsex.ziphttp://www.securityfocus.com/bid/23240http://www.novell.com/linux/security/advisories/2007_13_sr.htmlhttp://www.ubuntu.com/usn/usn-465-1http://secunia.com/advisories/25431http://secunia.com/advisories/25787http://www.mandriva.com/security/advisories?name=MDVSA-2008:065http://www.vupen.com/english/advisories/2007/1214https://exchange.xforce.ibmcloud.com/vulnerabilities/33315https://usn.ubuntu.com/465-1/https://nvd.nist.govhttps://www.exploit-db.com/exploits/29809/
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-3581reflected XSSCVE-2024-26925CVE-2024-27956LFICVE-2024-3607CVE-2024-3107CVE-2024-3295SQL
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started

Vulmon Search

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

About

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Products

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Connect

Twitter Reddit Linkedin Facebook