Streamripper Multiple Buffer Overflow Vulnerabilities (Win) Network Vulnerability

Summary

The host is installed with Streamripper, which is prone to Multiple Buffer Overflow Vulnerabilities.

Impact

Successful attack could lead to execution of arbitrary code by tricking a user into connecting to a malicious server or can even cause denial of service condition. Impact Level: Application

Solution

Upgrade to Version 1.64.0, http://streamripper.sourceforge.net/

Insight

The flaws are due to boundary error within, - http_parse_sc_header() function in lib/http.c, when parsing an overly long HTTP header starting with Zwitterion v. - http_get_pls() and http_get_m3u() functions in lib/http.c, when parsing a specially crafted pls playlist containing an overly long entry or m3u playlist containing an overly long File entry.

Affected

Streamripper Version 1.63.5 and earlier on Windows.

References

http://secunia.com/advisories/32562
http://www.frsirt.com/english/advisories/2008/3207

Updated on 2015-03-25

Severity

Classification

CVE CVE-2008-4829
CVSS Base Score: 9.3
AV:N/AC:M/Au:N/C:C/I:C/A:C

Related Vulnerabilities

Bopup Communication Server Remote Buffer Overflow Vulnerability
Alleycode HTML Editor Buffer Overflow Vulnerabilities
Adobe Flash Player Buffer Overflow Vulnerability (Windows)
ACDSee FotoSlate PLP Multiple Buffer Overflow Vulnerabilities
A-V Tronics InetServ POP3 Denial Of Service Vulnerability

Take action and discover your vulnerabilities