rpm package
opensuse/icecast&distro=openSUSE Tumbleweed
pkg:rpm/opensuse/icecast&distro=openSUSE%20Tumbleweed
Vulnerabilities (4)
| CVE | Sev | CVSS | KEV | Affected versions | Fixed in | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2018-18820 | — | | | < 2.4.4-2.1 | 2.4.4-2.1 | Nov 5, 2018 | A buffer overflow was discovered in the URL-authentication backend of the Icecast before 2.4.4. If the backend is enabled, then any malicious HTTP client can send a request for that specific resource including a crafted header, leading to denial of service and potentially remote |
| CVE-2014-9018 | — | | | < 2.4.2-1.7 | 2.4.2-1.7 | Dec 3, 2014 | Icecast before 2.4.1 transmits the output of the on-connect script, which might allow remote attackers to obtain sensitive information, related to shared file descriptors. |
| CVE-2011-4612 | — | | | < 2.4.2-1.7 | 2.4.2-1.7 | Nov 20, 2012 | icecast before 2.3.3 allows remote attackers to inject control characters such as newlines into the error log (error.log) via a crafted URL. |
| CVE-2005-0837 | — | | | < 2.4.4-2.1 | 2.4.4-2.1 | May 2, 2005 | IceCast 2.20 allows remote attackers to bypass the XSL parser and obtain the source for XSL files via a request for a .xsl file with a trailing . (dot). |