CVE-2004-2299
Description
Omnicron OmniHTTPd 3.0a and earlier is vulnerable to a buffer overflow via a crafted HTTP GET request, allowing remote code execution.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Omnicron OmniHTTPd 3.0a and earlier is vulnerable to a buffer overflow via a crafted HTTP GET request, allowing remote code execution.
Vulnerability
Omnicron OmniHTTPd versions 3.0a and earlier are affected by a buffer overflow vulnerability. This issue arises from the application's failure to properly validate string sizes when processing user input, specifically within the handling of the HTTP GET request's Range header. [1]
Exploitation
An attacker can exploit this vulnerability by sending a malicious HTTP GET request containing a long Range header to the vulnerable OmniHTTPd server. This requires network access to the server and does not appear to require any authentication or user interaction. [1]
Impact
Successful exploitation of this buffer overflow allows a remote attacker to execute arbitrary code on the affected server. The code will run with the same privileges as the OmniHTTPd web server process. [1]
Mitigation
No specific patched version or release date is mentioned in the available references. Users are advised to upgrade to a version that addresses this vulnerability if available, or to implement network-level access controls to prevent external access to the affected service. The vendor's website is http://www.omnicron.ca. [1]
AI Insight generated on Jun 6, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.
Affected products
1Patches
0No patches discovered yet.
Vulnerability mechanics
No source-code context for this CVE — mechanics is only generated when we can read the actual fix diff. Without that, the four sections (root cause, attack vector, affected code, fix) would be speculation rather than analysis.
References
4News mentions
0No linked articles in our index yet.