- Description
- Buffer overflow in Pico Server (pServ) 2.0 beta 1 through beta 5 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via (1) a 1024-byte TCP stream message, which triggers an off-by-one buffer overflow, or (2) a long method name in an HTTP request, (3) a long version number in an HTTP request, (4) a long User-Agent header, or (5) a long file path.
- Source
- cve@mitre.org
- NVD status
- Modified
CVSS 2.0
- Type
- Primary
- Base score
- 7.5
- Impact score
- 6.4
- Exploitability score
- 10
- Vector string
- AV:N/AC:L/Au:N/C:P/I:P/A:P
- nvd@nist.gov
- CWE-119
- Hype score
- Not currently trending
[
{
"nodes": [
{
"negate": false,
"cpeMatch": [
{
"criteria": "cpe:2.3:a:pico_server:pico_server:2.0_beta_1:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "E1443E18-BE72-40DA-A60F-A7B07562B4A7"
},
{
"criteria": "cpe:2.3:a:pico_server:pico_server:2.0_beta_2:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "40732C3E-0712-4C1D-866C-2EEE0A6E074A"
},
{
"criteria": "cpe:2.3:a:pico_server:pico_server:2.0_beta_3:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "039B4648-13C5-4612-A1D0-3B750E1CAE15"
},
{
"criteria": "cpe:2.3:a:pico_server:pico_server:2.0_beta_5:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "370AE4EF-9722-4FC0-B049-E35686DDEC8C"
}
],
"operator": "OR"
}
]
}
]