CVE-2007-6103
Published 2007-11-23
Priority: P4 (25) · medium · 5 (CVSS 2.0)
Vector: AV:N/AC:L/Au:N/C:N/I:N/A:P
EXPLOIT
EPSS: 4.96% (91.1th percentile)
I Hear U (IHU) 0.5.6 and earlier allows remote attackers to cause (1) a denial of service (infinite loop) via a packet that contains zero in the size field in its header, which is improperly handled by the Receiver::processPacket function; and (2) a denial of service (daemon crash) via an (a) IHU_INFO_INIT or a (b) IHU_INFO_RING packet that does not specify the mode, which is improperly handled by the Player::ring function in Player.cpp.
Affected
1 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| ihu | i_hear_u | <= 0.5.6 | — |
No detection rules found.
Bugzilla
CVE-2006-6101 Multiple XFree86 integer overflows (CVE-2006-6102, CVE-2006-6103)
bugzilla·2006-12-07·CVSS 6.6
iDefense reported several integer overflow flaws in the XFree86 server source.
These flaws may allow a local user to leverage these flaws to become root.
Discussion:
These flaws also affect RHEL2.1
---
Created attachment 143094
Upstream patch
---
Built as XFree86-4.3.0-114.EL for RHEL3.
RHEL 2.1 is waiting for beehive to wake up.
---
XFree86-4.1.0-78.EL for RHEL 2.1
---
correction, -115 for RHEL3.
---
These issues are public:
http://lists.freedesktop.org/archives/xorg-announce/2007-January/000235.html
---
An advisory has been issued which should help the problem
described in this bug report. This report is therefore being
closed with a resolution of ERRATA. For more information
on the solution a
Bugzilla
CVE-2006-6101 Multiple xorg-x11 integer overflows (CVE-2006-6102, CVE-2006-6103)
bugzilla·2006-12-07·CVSS 6.6
+++ This bug was initially created as a clone of Bug #218870 +++
iDefense reported several integer overflow flaws in the XFree86 server source.
These flaws may allow a local user to leverage these flaws to become root.
-- Additional comment from [email protected] on 2006-12-07 17:06 EST --
Created an attachment (id=143094)
Upstream patch
Discussion:
Built as xorg-x11-6.8.2-1.EL.13.37.4 for RHEL4.
---
correction, -1.EL.13.37.5 for RHEL5.
---
This issue is public:
http://lists.freedesktop.org/archives/xorg-announce/2007-January/000235.html
---
An advisory has been issued which should help the problem
described in this bug report. This report is therefore being
closed with a resolution of ERRATA. For
References
http://aluigi.altervista.org/adv/ihudos-adv.txt
http://osvdb.org/42395
http://osvdb.org/42396
http://secunia.com/advisories/27754
http://sourceforge.net/project/shownotes.php?release_id=355409&group_id=75788
http://www.securityfocus.com/bid/26516
https://exchange.xforce.ibmcloud.com/vulnerabilities/38568
https://exchange.xforce.ibmcloud.com/vulnerabilities/38569
Published: 2007-11-23