CVE-2007-6454
published 2007-12-20CVE-2007-6454: Heap-based buffer overflow in the handshakeHTTP function in servhs.cpp in PeerCast 0.1217 and earlier, and SVN 344 and earlier, allows remote attackers to…
PriorityP260critical10CVSS 2.0
AVNACLAuNCCICAC
EXPLOIT
EPSS
16.80%
96.7th percentile
Heap-based buffer overflow in the handshakeHTTP function in servhs.cpp in PeerCast 0.1217 and earlier, and SVN 344 and earlier, allows remote attackers to cause a denial of service and possibly execute arbitrary code via a long SOURCE request.
Affected
5 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| peercast | peercast | <= 0.1217 | — |
| peercast | peercast | <= svn_344 | — |
| peercast | peercast | — | — |
| peercast | peercast | — | — |
| peercast | peercast | — | — |
Detection & IOCsextracted from sources · hover to see the quote
- →Detect oversized HTTP SOURCE requests targeting PeerCast; the vulnerability is triggered via a long SOURCE request in the handshakeHTTP function (servhs.cpp). ↗
- →Monitor for heap-based buffer overflow conditions in PeerCast versions 0.1217 and earlier (including SVN 344 and earlier) triggered by abnormally large SOURCE method HTTP requests. ↗
- →Alert on unexpected crashes or denial-of-service conditions in PeerCast processes, which may indicate failed exploitation attempts of this buffer overflow. ↗
- ·Affected versions are PeerCast 0.12.17 / 0.1217 and earlier, and SVN 334/344 and earlier; version references differ slightly between sources. ↗
- ·The overflow occurs specifically in the handshakeHTTP function within servhs.cpp; detection or patching efforts should focus on this code path. ↗
CVEs like this are exactly what “Exploited This Week” covers.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
No detection rules found.
No writeups or analysis indexed.
http://aluigi.altervista.org/adv/peercasthof-adv.txthttp://bugs.debian.org/cgi-bin/bugreport.cgi?bug=457300http://bugs.gentoo.org/show_bug.cgi?id=202747http://bugs.gentoo.org/show_bug.cgi?id=202747http://secunia.com/advisories/28120http://secunia.com/advisories/28260http://secunia.com/advisories/28719http://secunia.com/advisories/30325http://securityreason.com/securityalert/3461http://www.debian.org/security/2007/dsa-1441http://www.debian.org/security/2008/dsa-1583http://www.gentoo.org/security/en/glsa/glsa-200801-22.xmlhttp://www.securityfocus.com/archive/1/485199/100/0/threadedhttp://www.securityfocus.com/bid/26899http://www.vupen.com/english/advisories/2007/4246https://exchange.xforce.ibmcloud.com/vulnerabilities/39075http://aluigi.altervista.org/adv/peercasthof-adv.txthttp://bugs.debian.org/cgi-bin/bugreport.cgi?bug=457300http://bugs.gentoo.org/show_bug.cgi?id=202747http://bugs.gentoo.org/show_bug.cgi?id=202747http://secunia.com/advisories/28120http://secunia.com/advisories/28260http://secunia.com/advisories/28719http://secunia.com/advisories/30325http://securityreason.com/securityalert/3461http://www.debian.org/security/2007/dsa-1441http://www.debian.org/security/2008/dsa-1583http://www.gentoo.org/security/en/glsa/glsa-200801-22.xmlhttp://www.securityfocus.com/archive/1/485199/100/0/threadedhttp://www.securityfocus.com/bid/26899http://www.vupen.com/english/advisories/2007/4246https://exchange.xforce.ibmcloud.com/vulnerabilities/39075
2007-12-20
Published