National Vulnerability Database

National Vulnerability Database

National Vulnerability

Search Results (Refine Search)

Search Parameters:
  • Contains Software Flaws (CVE)
  • CPE Product Version: cpe:/a:xiph:icecast:2.4.1
There are 2 matching records.
Vuln ID Summary CVSS Severity

A buffer overflow was discovered in the URL-authentication backend of the Icecast before 2.4.4. If the backend is enabled, then any malicious HTTP client can send a request for that specific resource including a crafted header, leading to denial of service and potentially remote code execution.

Published: November 05, 2018; 02:29:00 PM -05:00
V3: 8.1 HIGH
V2: 6.8 MEDIUM

Icecast before 2.4.2, when a stream_auth handler is defined for URL authentication, allows remote attackers to cause a denial of service (NULL pointer dereference and crash) via a request without login credentials, as demonstrated by a request to "admin/killsource?mount=/test.ogg."

Published: April 29, 2015; 04:59:02 PM -04:00
V2: 5.0 MEDIUM