CVE-2007-1344

Published Mar 8, 2007

Last updated 3 years ago

Overview

Description: Multiple buffer overflows in src/ezstream.c in Ezstream before 0.3.0 allow remote attackers to execute arbitrary code via a crafted XML configuration file processed by the (1) urlParse function, which causes a stack-based overflow and the (2) ReplaceString function, which causes a heap-based overflow. NOTE: some of these details are obtained from third party information.
Source: cve@mitre.org
NVD status: Modified

Hype score: Not currently trending

Risk scores

CVSS 2.0

Type: Primary
Base score: 9.3
Impact score: 10
Exploitability score: 8.6
Vector string: AV:N/AC:M/Au:N/C:C/I:C/A:C

Weaknesses

nvd@nist.gov: NVD-CWE-Other

Evaluator

Comment: This vulnerability has been addressed through a product update: http://www.icecast.org/ezstream.php#ez_download
Impact: -
Solution: -

Configurations

[
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:a:xiph:icecast_ezstream:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "B610408B-BB3D-4700-9FE2-597749E53F48",
            "versionEndIncluding": "0.1.0"
          },
          {
            "criteria": "cpe:2.3:a:xiph:icecast_ezstream:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "D1F8694A-51BA-4B01-B0AA-AF90A5B4F2BC",
            "versionEndIncluding": "0.1.1"
          },
          {
            "criteria": "cpe:2.3:a:xiph:icecast_ezstream:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "054B3203-9AF0-4CDD-8EC0-F427C0084BBE",
            "versionEndIncluding": "0.1.2"
          },
          {
            "criteria": "cpe:2.3:a:xiph:icecast_ezstream:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "7EE57171-F3CB-4AAE-BCBB-D066A09421DA",
            "versionEndIncluding": "0.1.3"
          },
          {
            "criteria": "cpe:2.3:a:xiph:icecast_ezstream:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "6B72E48A-C7B1-4ABE-A816-AC608CF92CE0",
            "versionEndIncluding": "0.2.0"
          },
          {
            "criteria": "cpe:2.3:a:xiph:icecast_ezstream:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "6D2D745C-33E5-42CB-B188-293AF99B928A",
            "versionEndIncluding": "0.2.1"
          }
        ],
        "operator": "OR"
      }
    ]
  }
]

Overview

Social media

Risk scores

CVSS 2.0

Weaknesses

Evaluator

Configurations

References