Main Vulnerability Database Vulnerabilities #VU15691

Buffer overflow in Icecast - CVE-2018-18820

Published: November 2, 2018

Vulnerability identifier: #VU15691

CSH Severity: High

CVSS v4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:U/U:Amber

CVE-ID: CVE-2018-18820

CWE-ID: CWE-119

Exploitation vector: Remote access

Exploit availability: No public exploit available

Vendor: Icecast.org

Affected software:
Icecast

Detailed vulnerability description

The vulnerability allows a remote attacker to execute arbitrary code on the target system.

The vulnerability exists due to a boundary error when processing URL in url_add_client() function in auth_url.c. A remote unauthenticated attacker can send an overly long URL to the affected server, trigger buffer overflow and crash the server or execute arbitrary code on the target system.

Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.

How to mitigate CVE-2018-18820

Install updates from vendor's website.

Sources

https://gitlab.xiph.org/xiph/icecast-server/issues/2342

Buffer overflow in Icecast - CVE-2018-18820

Detailed vulnerability description

How to mitigate CVE-2018-18820

Sources

Please verify you're human