CVE-2006-4197
CVE-2006-4197
Multiple buffer overflows in libmusicbrainz (aka mb_client or MusicBrainz Client Library) 2.1.2 and earlier, and SVN 8406 and earlier, allow remote attackers to cause a denial of service (crash) or execute arbitrary code via (1) a long Location header by the HTTP server, which triggers an overflow in the MBHttp::Download function in lib/http.cpp; and (2) a long URL in RDF data, as demonstrated by a URL in an rdf:resource field in an RDF XML document, which triggers overflows in many functions in lib/rdfparse.c.
Affected products
n/a · n/apublic PoCs found — 1
exploitdbwww.exploit-db.com/exploits/28384unverified⚠ Public resources, to assess the exposure of systems you control or are authorized to test. Test only with authorization.
Want to know if your infrastructure is exposed to this?
Talk to TrueHacking →References
http://aluigi.altervista.org/adv/brainzbof-adv.txthttp://secunia.com/advisories/21404http://secunia.com/advisories/21668http://secunia.com/advisories/21699http://secunia.com/advisories/22191http://secunia.com/advisories/22393http://secunia.com/advisories/22517http://secunia.com/advisories/22639http://security.gentoo.org/glsa/glsa-200610-09.xmlhttp://securityreason.com/securityalert/1399http://securitytracker.com/id?1016691https://exchange.xforce.ibmcloud.com/vulnerabilities/28367