VDB
CVE-2006-4089
CVE-2006-4089
PUBLISHED
CVSS 5 MEDIUM
Multiple buffer overflows in Andy Lo-A-Foe AlsaPlayer 0.99.76 and earlier allow remote attackers to cause a denial of service (application crash), or have other unknown impact, via (1) a long Location field sent by a web server, which triggers an overflow in the reconnect function in reader/http/http.c; (2) a long URL sent by a web server when AlsaPlayer is seeking a media file for the playlist, which triggers overflows in new_list_item and CbUpdated in interface/gtk/PlaylistWindow.cpp; and (3) a long response sent by a CDDB server, which triggers an overflow in cddb_lookup in input/ccda/cdda_engine.c.
EPSS 24.80% · 96.3th percentile
Risk Scores
CVSS 2.0
5
EPSS Score
24.80%
96.3th percentile
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| n/a | n/a | n/a |
| andy_lo-a-foe | alsaplayer | 0 |
Timeline
- Aug 11, 2006 CVE Published
- Feb 4, 2022 EPSS Score
- Mar 29, 2022 EPSS Score
- Jul 12, 2022 EPSS Score
- Sep 4, 2022 EPSS Score
- Dec 18, 2022 EPSS Score
- Feb 9, 2023 EPSS Score
- Apr 3, 2023 EPSS Score
- May 8, 2023 EPSS Score
- Jun 15, 2023 EPSS Score
- Jul 17, 2023 EPSS Score
- Sep 8, 2023 EPSS Score
References
- http://www.osvdb.org/27885 technical
- 19450 vdb
- 27883 vdb
- 1356 third-party-advisory
- 27884 vdb
- 21749 third-party-advisory
- alsaplayer-reconnect-bo(28306) vdb
- 22018 third-party-advisory
- 20060809 Multiple buffer-overflows in AlsaPlayer 0.99.76 mailing-list
- http://aluigi.altervista.org/adv/alsapbof-adv.txt url
- 21422 third-party-advisory
- GLSA-200608-24 vendor-advisory
- SUSE-SR:2006:021 vendor-advisory
- DSA-1179 vendor-advisory
- alsaplayer-cddblookup-bo(28308) vdb
- alsaplayer-gtkplaylist-bo(28307) vdb
- ADV-2006-3235 vdb
- 20060809 Multiple buffer-overflows in AlsaPlayer 0.99.76 mailing-list
- 21639 third-party-advisory
- https://nvd.nist.gov/vuln/detail/CVE-2006-4089 advisory