Public exploit available
Public proof-of-concept or exploit code exists (ExploitDB / Metasploit / Nuclei).

CVE-2006-2802Improper Restriction of Operations within the Bounds of a Memory Buffer in Gxine

5 documents5 sources
Severity
5.0MEDIUMNVD
EPSS
11.0%
top 6.56%
CISA KEV
Not in KEV
Exploit
PoC available
Public exploit / PoC exists
Affected products
2
Xine GxineXine Xine-lib
Timeline
PublishedJun 3
Latest updateMay 1

Description

Buffer overflow in the HTTP Plugin (xineplug_inp_http.so) for xine-lib 1.1.1 allows remote attackers to cause a denial of service (application crash) via a long reply from an HTTP server, as demonstrated using gxine 0.5.6.

CVSS vector

AV:N/AC:L/C:N/I:N/A:PExploitability: 10.0 | Impact: 2.9

Affected Packages2 packages

NVDxine/gxine0.5.6
NVDxine/xine-lib4 versions+3

🔴Vulnerability Details

2
GHSA
GHSA-4qgc-r788-x389: Buffer overflow in the HTTP Plugin (xineplug_inp_http2022-05-01
CVEList
CVE-2006-2802: Buffer overflow in the HTTP Plugin (xineplug_inp_http2006-06-03

💥Exploits & PoCs

1
Exploit-DB
gxine 0.5.6 - HTTP Plugin Remote Buffer Overflow (PoC)2006-05-30

📋Vendor Advisories

1
Ubuntu
xine-lib vulnerability2006-06-09