CVE-2018-18820

CVE Database · CVE-2018-18820

CVE-2018-18820

· N/AModified

CVSS v3.1

N/A

EPSS

48.94%

Published

Nov 5, 2018

Modified

Nov 21, 2024

Public PoC / Exploit (1)

All weaponized →

TrickestTrickest PoC index

Links to public security research (Exploit-DB, Nuclei, Trickest, GitHub) for defensive use only.

Description

A buffer overflow was discovered in the URL-authentication backend of the Icecast before 2.4.4. If the backend is enabled, then any malicious HTTP client can send a request for that specific resource including a crafted header, leading to denial of service and potentially remote code execution.

Weaknesses (CWE)

CWE-119

Affected Products (3)

xiph · icecast (up to 2.4.4)vulnerable

debian · debian_linuxvulnerable

References (10)

http://www.openwall.com/lists/oss-security/2018/11/01/3

Mailing ListPatchThird Party Advisory

http://www.securitytracker.com/id/1042019

Third Party AdvisoryVDB Entry

https://lists.debian.org/debian-lts-announce/2018/11/msg00033.html

Third Party Advisory

https://security.gentoo.org/glsa/201811-09

MitigationThird Party Advisory

https://www.debian.org/security/2018/dsa-4333

Third Party Advisory

http://www.openwall.com/lists/oss-security/2018/11/01/3

KEV Catalog EPSS Scores Vendors All CVEs