Public exploit available

Public proof-of-concept or exploit code exists (ExploitDB / Metasploit / Nuclei).

CVE-2003-0865 — Improper Restriction of Operations within the Bounds of a Memory Buffer in Mpg123

6 documents6 sources

Severity

7.5HIGHNVD

EPSS

19.5%

top 4.59%

CISA KEV

Not in KEV

Exploit

PoC available

Public exploit / PoC exists

Affected products

Mpg123

Timeline

PublishedNov 17

Latest updateMay 3

Description

Heap-based buffer overflow in readstring of httpget.c for mpg123 0.59r and 0.59s allows remote attackers to execute arbitrary code via a long request.

CVSS vector

AV:N/AC:L/C:P/I:P/A:PExploitability: 10.0 | Impact: 6.4

Affected Packages2 packages

▶Debianmpg123/mpg123< 0.59r-15+3

▶NVDmpg123/mpg1230.59r, 0.59s+1

Patches

Patch: www.debian.org ↗Patch: www.securityfocus.com ↗Patch: www.debian.org ↗

🔴Vulnerability Details

GHSA

GHSA-f96j-qf54-qvww: Heap-based buffer overflow in readstring of httpget↗2022-05-03

▶

OSV

CVE-2003-0865: Heap-based buffer overflow in readstring of httpget↗2003-11-17

▶

CVEList

CVE-2003-0865: Heap-based buffer overflow in readstring of httpget↗2003-10-17

▶

💥Exploits & PoCs

Exploit-DB

MPG123 0.59 - Remote File Play Heap Corruption↗2003-09-23

▶

📋Vendor Advisories

Debian

CVE-2003-0865: mpg123 - Heap-based buffer overflow in readstring of httpget.c for mpg123 0.59r and 0.59s...↗2003

▶