cbcvebase.
CVE-2006-3355
published 2006-07-06


Priority: P342 high
CVSS 2.0: 7.5 (AV:N/AC:L/Au:N/C:P/I:P/A:P)
EXPLOIT
EPSS: 6.40% (92.8th percentile)
Heap-based buffer overflow in httpdget.c in mpg123 before 0.59s-rll allows remote attackers to execute arbitrary code via a long URL, which is not properly terminated before being used with the strncpy function. NOTE: This appears to be the result of an incomplete patch for CVE-2004-0982.

Affected

6 ranges

Vendor | Product | Version range | Fixed in
debian | mpg123 | < mpg123 0.60-1 (bookworm) | mpg123 0.60-1 (bookworm)
mpg123 | mpg123 | |
mpg123 | mpg123 | >= 0 < 0.60-1 | 0.60-1
mpg123 | mpg123 | >= 0 < 0.60-1 | 0.60-1
mpg123 | mpg123 | >= 0 < 0.60-1 | 0.60-1
mpg123 | mpg123 | >= 0 < 0.60-1 | 0.60-1

CVSS provenance

nvd | v2.0 | 7.5 | HIGH | AV:N/AC:L/Au:N/C:P/I:P/A:P
osv | 10.0 | CRITICAL
vendor_debian | 10.0 | MEDIUM