CVE-2018-18820

Published: 05/11/2018 Updated: 23/01/2019
CVSS v2 Base Score: 6.8 | Impact Score: 6.4 | Exploitability Score: 8.6
CVSS v3 Base Score: 8.1 | Impact Score: 5.9 | Exploitability Score: 2.2
VMScore: 605
Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P

Vulnerability Summary

A buffer overflow exists in the URL-authentication backend of Icecast before 2.4.4. If the backend is enabled, any malicious HTTP client can send a request for that specific resource including a crafted header, leading to denial of service and potentially remote code execution.

Vulnerable Product

xiph icecast

debian debian linux 9.0

debian debian linux 8.0

Vendor Advisories

Debian Bug report logs - #912611 icecast2: CVE-2018-18820. Package: src:icecast2; Maintainer for src:icecast2 is Debian Multimedia Maintainers <debian-multimedia@lists.debian.org>; Reported by: Salvatore Bonaccorso <carnil@debian.org>; Date: Thu, 1 Nov 2018 20:57:01 UTC; Severity: grave; Tags: patch, security, upstream ...

Nick Rolfe discovered multiple buffer overflows in the Icecast multimedia streaming server which could result in the execution of arbitrary code. For the stable distribution (stretch), this problem has been fixed in version 2.4.2-1+deb9u1. We recommend that you upgrade your icecast2 packages. For the detailed security status of icecast2 please refe ...