10

CVE-2007-6454

Exploit
Heap-based buffer overflow in the handshakeHTTP function in servhs.cpp in PeerCast 0.1217 and earlier, and SVN 344 and earlier, allows remote attackers to cause a denial of service and possibly execute arbitrary code via a long SOURCE request.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
PeercastPeercast Version <= 0.1217
PeercastPeercast Version <= svn_344
PeercastPeercast Version0.1211
PeercastPeercast Version0.1212
PeercastPeercast Version0.1215
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 16.8% 0.966
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 10 10 10
AV:N/AC:L/Au:N/C:C/I:C/A:C
CWE-119 Improper Restriction of Operations within the Bounds of a Memory Buffer

The product performs operations on a memory buffer, but it reads from or writes to a memory location outside the buffer's intended boundary. This may result in read or write operations on unexpected memory locations that could be linked to other variables, data structures, or internal program data.

http://aluigi.altervista.org/adv/peercasthof-adv.txt
Exploit
http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=457300
http://bugs.gentoo.org/show_bug.cgi?id=202747
http://secunia.com/advisories/28120
Vendor Advisory
http://secunia.com/advisories/28260
http://secunia.com/advisories/28719
http://secunia.com/advisories/30325
http://securityreason.com/securityalert/3461
http://www.debian.org/security/2007/dsa-1441
http://www.debian.org/security/2008/dsa-1583
http://www.gentoo.org/security/en/glsa/glsa-200801-22.xml
http://www.securityfocus.com/archive/1/485199/100/0/threaded
http://www.securityfocus.com/bid/26899
Patch
Exploit
http://www.vupen.com/english/advisories/2007/4246
https://exchange.xforce.ibmcloud.com/vulnerabilities/39075