CVE-2006-4089
Multiple buffer overflows in Andy Lo-A-Foe AlsaPlayer 0.99.76 and earlier allow remote attackers to cause a denial of service (application crash), or have other unknown impact, via (1) a long Location field sent by a web server, which triggers an overflow in the reconnect function in reader/http/http.c; (2) a long URL sent by a web server when AlsaPlayer is seeking a media file for the playlist, which triggers overflows in new_list_item and CbUpdated in interface/gtk/PlaylistWindow.cpp; and (3) a long response sent by a CDDB server, which triggers an overflow in cddb_lookup in input/ccda/cdda_engine.c.
Affected products
n/a · n/a
public PoCs found — 1
exploitdb: www.exploit-db.com/exploits/28367 (unverified)
⚠ Public resources, to assess the exposure of systems you control or are authorized to test. Test only with authorization.
References
http://aluigi.altervista.org/adv/alsapbof-adv.txt
http://archives.neohapsis.com/archives/fulldisclosure/2006-08/0249.html
http://secunia.com/advisories/21422
http://secunia.com/advisories/21639
http://secunia.com/advisories/21749
http://secunia.com/advisories/22018
http://security.gentoo.org/glsa/glsa-200608-24.xml
http://securityreason.com/securityalert/1356
https://exchange.xforce.ibmcloud.com/vulnerabilities/28306
https://exchange.xforce.ibmcloud.com/vulnerabilities/28307
https://exchange.xforce.ibmcloud.com/vulnerabilities/28308
http://www.debian.org/security/2006/dsa-1179