Description
Multiple stack-based buffer overflows in the procConnectArgs function in servmgr.cpp in PeerCast before 0.1217 allow remote attackers to execute arbitrary code via an HTTP GET request with a long (1) parameter name or (2) value in a URL, which triggers the overflow in the nextCGIarg function in servhs.cpp.
References
- Vendor Advisory
- Exploit, Patch, Vendor Advisory
- Exploit, Patch
- Vendor Advisory
- Vendor Advisory
- Exploit, Patch, Vendor Advisory
- Exploit, Patch
- Vendor Advisory
Vulnerable configurations
Configuration 1: versions up to and including 0.1215
One of
cpe:2.3:a:peercast:peercast:*:*:*:*:*:*:*:*
cpe:2.3:a:peercast:peercast:0.1211:*:*:*:*:*:*:*
cpe:2.3:a:peercast:peercast:0.1212:*:*:*:*:*:*:*
EPSS
Percentile: 99%
0.82635
High
7.5 High
CVSS2
Weaknesses
CWE-119
Related vulnerabilities
debian
more than 19 years ago
Multiple stack-based buffer overflows in the procConnectArgs function ...
github
more than 3 years ago
Multiple stack-based buffer overflows in the procConnectArgs function in servmgr.cpp in PeerCast before 0.1217 allow remote attackers to execute arbitrary code via an HTTP GET request with a long (1) parameter name or (2) value in a URL, which triggers the overflow in the nextCGIarg function in servhs.cpp.