| Vulnerability Name: | CVE-2018-18820 (CCN-152464) |
| Assigned: | 2018-10-16 |
| Published: | 2018-10-16 |
| Updated: | 2019-01-23 |
| Summary: | A buffer overflow was discovered in the URL-authentication backend of Icecast before 2.4.4. If the backend is enabled, then any malicious HTTP client can send a request for that specific resource including a crafted header, leading to denial of service and potentially remote code execution. |
| CVSS v3 Severity: | 8.1 High (CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H) |
| | 7.1 High (Temporal CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C) |
| | 8.5 High (CCN Temporal CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C) |
| CVSS v2 Severity: | 6.8 Medium (CVSS v2 Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P) |
| Vulnerability Type: | CWE-119 |
| Vulnerability Consequences: | Gain Access |
| References: | Source: MITRE; Type: CNA; CVE-2018-18820 |
| | Source: CCN; Type: SECTRACK ID: 1042019; Icecast url-auth Buffer Overflow Lets Remote Users Execute Arbitrary Code |
| | Source: MLIST; Type: Mailing List, Patch, Third Party Advisory; [oss-security] 20181101 Icecast 2.4.4 - CVE-2018-18820 - buffer overflow in url-auth |
| | Source: SECTRACK; Type: Third Party Advisory, VDB Entry; 1042019 |
| | Source: XF; Type: UNKNOWN; icecast-cve201818820-bo(152464) |
| | Source: CCN; Type: GitLab Web site; Security vulnerability: buffer overflow in URL authentication allows remote code execution |
| | Source: CCN; Type: Icecast Web site; Icecast |
| | Source: MLIST; Type: Third Party Advisory; [debian-lts-announce] 20181126 [SECURITY] [DLA-1588-1] icecast2 security update |
| | Source: GENTOO; Type: Mitigation, Third Party Advisory; GLSA-201811-09 |
| | Source: DEBIAN; Type: Third Party Advisory; DSA-4333 |