CVE-2006-4089
CVE-2006-4089 is a vulnerability of currently unknown severity. EPSS estimates a 10.45% chance of exploitation in the next 30 days.
Description
Multiple buffer overflows in Andy Lo-A-Foe AlsaPlayer 0.99.76 and earlier allow remote attackers to cause a denial of service (application crash), or have other unknown impact, via (1) a long Location field sent by a web server, which triggers an overflow in the reconnect function in reader/http/http.c; (2) a long URL sent by a web server when AlsaPlayer is seeking a media file for the playlist, which triggers overflows in new_list_item and CbUpdated in interface/gtk/PlaylistWindow.cpp; and (3) a long response sent by a CDDB server, which triggers an overflow in cddb_lookup in input/ccda/cdda_engine.c.
Affected Software
| Vendor | Product | Versions |
|---|---|---|
| Andy Lo-A-Foe | AlsaPlayer | <= 0.99.76 |
Source: NVD / NIST
