Unrated severityNVD Advisory· Published Mar 10, 2006· Updated Apr 16, 2026

CVE-2006-1148

Description

Multiple stack-based buffer overflows in the procConnectArgs function in servmgr.cpp in PeerCast before 0.1217 allow remote attackers to execute arbitrary code via an HTTP GET request with a long (1) parameter name or (2) value in a URL, which triggers the overflow in the nextCGIarg function in servhs.cpp.

Affected products

Peercast/Peercast3 versions
cpe:2.3:a:peercast:peercast:*:*:*:*:*:*:*:*+ 2 more
- cpe:2.3:a:peercast:peercast:*:*:*:*:*:*:*:*range: <=0.1215
- cpe:2.3:a:peercast:peercast:0.1211:*:*:*:*:*:*:*
- cpe:2.3:a:peercast:peercast:0.1212:*:*:*:*:*:*:*

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

www.infigo.hr/in_focus/INFIGO-2006-03-01nvdExploitPatchVendor Advisory
www.securityfocus.com/bid/17040nvdExploitPatch
secunia.com/advisories/19291nvdVendor Advisory
www.vupen.com/english/advisories/2006/0900nvdVendor Advisory
secunia.com/advisories/19169nvd
security.gentoo.org/glsa/glsa-200603-17.xmlnvd
www.osvdb.org/23777nvd
www.peercast.org/forum/viewtopic.phpnvd
www.securityfocus.com/archive/1/427160/100/0/threadednvd
exchange.xforce.ibmcloud.com/vulnerabilities/25113nvd

News mentions

No linked articles in our index yet.

cvss	0.000
epss	0.067
exploit	0.030
kev	0.000
patch	0.000
ransomware	0.000