5.8
CVE-2007-4337
- EPSS 3.51%
- Veröffentlicht 14.08.2007 18:17:00
- Zuletzt bearbeitet 16.06.2026 22:43:50
- Quelle cve@mitre.org
- CVE-Watchlists
- Unerledigt
LoginMultiple buffer overflows in the httplib_parse_sc_header function in lib/http.c in Streamripper before 1.62.2 allow remote attackers to execute arbitrary code via long (1) Location and (2) Server HTTP headers, a different vulnerability than CVE-2006-3124.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
Streamripper ≫ Streamripper Version1.61.1
Streamripper ≫ Streamripper Version1.61.17
Streamripper ≫ Streamripper Version1.61.24
Streamripper ≫ Streamripper Version1.61.25
Streamripper ≫ Streamripper Version1.61.26
Streamripper ≫ Streamripper Version1.62
| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 3.51% | 0.877 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| nvd@nist.gov | 5.8 | 8.6 | 4.9 |
AV:N/AC:M/Au:N/C:P/I:P/A:N
|
CWE-119 Improper Restriction of Operations within the Bounds of a Memory Buffer
The product performs operations on a memory buffer, but it reads from or writes to a memory location outside the buffer's intended boundary. This may result in read or write operations on unexpected memory locations that could be linked to other variables, data structures, or internal program data.
http://osvdb.org/39533
http://secunia.com/advisories/26406
http://secunia.com/advisories/26814
http://secunia.com/advisories/33052
http://secunia.com/advisories/33061
http://security.gentoo.org/glsa/glsa-200709-03.xml
http://sourceforge.net/project/shownotes.php?group_id=6172&release_id=531738
http://streamripper.cvs.sourceforge.net/streamripper/sripper_1x/lib/http.c?r1=1.38&r2=1.39
http://www.debian.org/security/2008/dsa-1683
http://www.securityfocus.com/archive/1/476302/100/0/threaded
http://www.securityfocus.com/bid/25278
http://www.securitytracker.com/id?1018553
http://www.vupen.com/english/advisories/2007/2858