Public exploit available

Public proof-of-concept or exploit code exists (ExploitDB / Metasploit / Nuclei).

CVE-2004-0386

6 documents6 sources

Severity

10.0CRITICAL

EPSS

36.8%

top 2.86%

CISA KEV

Not in KEV

Exploit

PoC available

Public exploit / PoC exists

Affected products

Gentoo Linux Mandrakesoft Mandrake Linux Mplayer Mplayer

Timeline

PublishedMay 4

Latest updateApr 29

Description

Buffer overflow in the HTTP parser for MPlayer 1.0pre3 and earlier, 0.90, and 0.91 allows remote attackers to execute arbitrary code via a long Location header.

CVSS vector

AV:N/AC:L/C:C/I:C/A:CExploitability: 10.0 | Impact: 10.0

Affected Packages4 packages

▶Debianmplayer< 1.0~pre6a-1+3

▶NVDmplayer/mplayer7 versions+6

▶NVDgentoo/linux5 versions+4

▶NVDmandrakesoft/mandrake_linux10.0, 9.2+1

Patches

Patch: secunia.com ↗Patch: security.gentoo.org ↗Patch: www.kb.cert.org ↗

🔴Vulnerability Details

GHSA

GHSA-qpvf-9394-g8pr: Buffer overflow in the HTTP parser for MPlayer 1↗2022-04-29

▶

OSV

CVE-2004-0386: Buffer overflow in the HTTP parser for MPlayer 1↗2004-05-04

▶

CVEList

CVE-2004-0386: Buffer overflow in the HTTP parser for MPlayer 1↗2004-04-07

▶

💥Exploits & PoCs

Exploit-DB

MPlayer 0.9/1.0 - Remote HTTP Header Buffer Overflow↗2004-03-30

▶

📋Vendor Advisories

Debian

CVE-2004-0386: mplayer - Buffer overflow in the HTTP parser for MPlayer 1.0pre3 and earlier, 0.90, and 0....↗2004

▶