VYPR

Network Audio System

by Radscan

CVEs (7)

  • CVE-2007-1543Mar 20, 2007
    risk 0.01cvss epss 0.08

    Stack-based buffer overflow in the accept_att_local function in server/os/connection.c in Network Audio System (NAS) before 1.8a SVN 237 allows remote attackers to execute arbitrary code via a long path slave name in a USL socket connection.

  • CVE-2013-4258Oct 9, 2013
    risk 0.00cvss epss 0.04

    Format string vulnerability in the osLogMsg function in server/os/aulog.c in Network Audio System (NAS) 1.9.3 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via format string specifiers in unspecified vectors, related to syslog.

  • CVE-2013-4256Oct 9, 2013
    risk 0.00cvss epss 0.01

    Multiple stack-based and heap-based buffer overflows in Network Audio System (NAS) 1.9.3 allow local users to cause a denial of service (crash) or possibly execute arbitrary code via the (1) display command argument to the ProcessCommandLine function in server/os/utils.c; (2)…

  • CVE-2007-1547Mar 20, 2007
    risk 0.00cvss epss 0.04

    The ReadRequestFromClient function in server/os/io.c in Network Audio System (NAS) before 1.8a SVN 237 allows remote attackers to cause a denial of service (crash) via multiple simultaneous connections, which triggers a NULL pointer dereference.

  • CVE-2007-1544Mar 20, 2007
    risk 0.00cvss epss 0.05

    Integer overflow in the ProcAuWriteElement function in server/dia/audispatch.c in Network Audio System (NAS) before 1.8a SVN 237 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a large max_samples value.

  • CVE-2007-1545Mar 20, 2007
    risk 0.00cvss epss 0.02

    The AddResource function in server/dia/resource.c in Network Audio System (NAS) before 1.8a SVN 237 allows remote attackers to cause a denial of service (server crash) via a nonexistent client ID.

  • CVE-2007-1546Mar 20, 2007
    risk 0.00cvss epss 0.02

    Array index error in Network Audio System (NAS) before 1.8a SVN 237 allows remote attackers to cause a denial of service (crash) via (1) large num_action values in the ProcAuSetElements function in server/dia/audispatch.c or (2) a large inputNum parameter to the compileInputs…