CVE - CVE-2006-4089

CVE-ID
CVE-2006-4089	Learn more at National Vulnerability Database (NVD) • CVSS Severity Rating • Fix Information • Vulnerable Software Versions • SCAP Mappings • CPE Information
Description
Multiple buffer overflows in Andy Lo-A-Foe AlsaPlayer 0.99.76 and earlier allow remote attackers to cause a denial of service (application crash), or have other unknown impact, via (1) a long Location field sent by a web server, which triggers an overflow in the reconnect function in reader/http/http.c; (2) a long URL sent by a web server when AlsaPlayer is seeking a media file for the playlist, which triggers overflows in new_list_item and CbUpdated in interface/gtk/PlaylistWindow.cpp; and (3) a long response sent by a CDDB server, which triggers an overflow in cddb_lookup in input/ccda/cdda_engine.c.
References
Note: References are provided for the convenience of the reader to help distinguish between vulnerabilities. The list is not intended to be complete.
BID:19450 URL:http://www.securityfocus.com/bid/19450 BUGTRAQ:20060809 Multiple buffer-overflows in AlsaPlayer 0.99.76 URL:http://www.securityfocus.com/archive/1/442725/100/0/threaded DEBIAN:DSA-1179 URL:http://www.debian.org/security/2006/dsa-1179 FULLDISC:20060809 Multiple buffer-overflows in AlsaPlayer 0.99.76 URL:http://archives.neohapsis.com/archives/fulldisclosure/2006-08/0249.html GENTOO:GLSA-200608-24 URL:http://security.gentoo.org/glsa/glsa-200608-24.xml MISC:http://aluigi.altervista.org/adv/alsapbof-adv.txt OSVDB:27883 URL:~~http://www.osvdb.org/27883~~ (Obsolete source) OSVDB:27884 URL:~~http://www.osvdb.org/27884~~ (Obsolete source) OSVDB:27885 URL:~~http://www.osvdb.org/27885~~ (Obsolete source) SECUNIA:21422 URL:http://secunia.com/advisories/21422 SECUNIA:21639 URL:http://secunia.com/advisories/21639 SECUNIA:21749 URL:http://secunia.com/advisories/21749 SECUNIA:22018 URL:http://secunia.com/advisories/22018 SREASON:1356 URL:http://securityreason.com/securityalert/1356 SUSE:SUSE-SR:2006:021 URL:http://www.novell.com/linux/security/advisories/2006_21_sr.html VUPEN:ADV-2006-3235 URL:~~http://www.vupen.com/english/advisories/2006/3235~~ (Obsolete source) XF:alsaplayer-cddblookup-bo(28308) URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/28308 XF:alsaplayer-gtkplaylist-bo(28307) URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/28307 XF:alsaplayer-reconnect-bo(28306) URL:https://exchange.xforce.ibmcloud.com/vulnerabilities/28306
Assigning CNA
MITRE Corporation
Date Record Created
20060810	Disclaimer: The record creation date may reflect when the CVE ID was allocated or reserved, and does not necessarily indicate when this vulnerability was discovered, shared with the affected vendor, publicly disclosed, or updated in CVE.
Phase (Legacy)
Assigned (20060810)
Votes (Legacy)

Comments (Legacy)

Proposed (Legacy)
N/A
This is an record on the CVE List, which provides common identifiers for publicly known cybersecurity vulnerabilities.
Search CVE Using Keywords: You can also search by reference using the CVE Reference Maps.
For More Information: CVE Request Web Form (select "Other" from dropdown)