CVE-2005-2922
published 2005-12-31

CVE-2005-2922: Heap-based buffer overflow in the embedded player in multiple RealNetworks products and versions including RealPlayer 10.x, RealOne Player, and Helix Player…

Priority: P337, critical, 9.3 (CVSS 2.0)
Vector: AV:N/AC:M/Au:N/C:C/I:C/A:C
EPSS: 5.78% (92.2th percentile)
Heap-based buffer overflow in the embedded player in multiple RealNetworks products and versions, including RealPlayer 10.x, RealOne Player, and Helix Player, allows remote malicious servers to cause a denial of service (crash) and possibly execute arbitrary code via a chunked Transfer-Encoding HTTP response in which either (1) the chunk header length is specified as -1, (2) the chunk header specifies a length that is less than the actual amount of sent data, or (3) the chunk header is missing.

Affected

30 ranges · showing 25

Vendor | Product | Version range | Fixed in
realnetworks | helix_player | |
realnetworks | helix_player | |
realnetworks | helix_player | |
realnetworks | helix_player | |
realnetworks | helix_player | |
realnetworks | helix_player | |
realnetworks | helix_player | |
realnetworks | realone_player | |
realnetworks | realone_player | |
realnetworks | realone_player | |
realnetworks | realone_player | |
realnetworks | realplayer | |
realnetworks | realplayer | |
realnetworks | realplayer | |
realnetworks | realplayer | |
realnetworks | realplayer | |
realnetworks | realplayer | |
realnetworks | realplayer | |
realnetworks | realplayer | |
realnetworks | realplayer | |
realnetworks | realplayer | |
realnetworks | realplayer | |
realnetworks | realplayer | |
realnetworks | realplayer | |
realnetworks | realplayer | |

CVSS provenance

nvd: v2.0, 9.3 CRITICAL, AV:N/AC:M/Au:N/C:C/I:C/A:C
vendor_redhat: 9.3 CRITICAL