CVE-2008-2040
published 2008-04-30

Priority: P3 55 high
CVSS 2.0: 7.5 (AV:N/AC:L/Au:N/C:P/I:P/A:P)
EXPLOIT
EPSS: 14.86% (96.3th percentile)

Stack-based buffer overflow in the HTTP::getAuthUserPass function (core/common/http.cpp) in Peercast 0.1218 and gnome-peercast allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a Basic Authentication string with a long (1) username or (2) password.

Affected

1 range

Vendor    Product   Version range   Fixed in
peercast  peercast

Detection & IOCs (extracted from sources)

port: 7144
url: /http/
bytes: Authorization: Basic OmZ + 'vb29'*128 + 'vbwo='

  • Detect oversized Basic Authentication headers in HTTP requests to port 7144 (PeerCast default). A long base64-encoded credential string in the Authorization header is the exploit delivery mechanism.
  • Monitor HTTP requests targeting the '/http/' path on port 7144, which is the specific endpoint exercised by the exploit to trigger the buffer overflow in HTTP::getAuthUserPass.
  • The vulnerability is a stack-based buffer overflow triggered by a long username or password in a Basic Authentication string; alert on abnormally large Authorization: Basic header values directed at PeerCast listeners.
  • The exploit targets PeerCast 0.1218 specifically; other versions may also be affected but are not confirmed.
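
The checks in the list above can be expressed as a small request inspector. This is an added example, not code from PeerCast or from the sources this page summarizes; the 64-byte threshold, the function names and the sample requests are assumptions constructed for illustration.

```python
import base64
import binascii

PEERCAST_PORT = 7144   # PeerCast default port, as given on the page
MAX_FIELD_LEN = 64     # assumed alert threshold in bytes; tune per site

def basic_token(raw: bytes):
    """Return the credential token of an 'Authorization: Basic' header, or None."""
    head = raw.split(b"\r\n\r\n", 1)[0]
    for line in head.split(b"\r\n")[1:]:          # skip the request line
        name, sep, value = line.partition(b":")
        if sep and name.strip().lower() == b"authorization":
            scheme, _, token = value.strip().partition(b" ")
            if scheme.lower() == b"basic":
                return token.strip()
    return None

def inspect_request(dst_port: int, raw: bytes):
    """Return the names of oversized credential parts (empty list = no alert)."""
    if dst_port != PEERCAST_PORT:
        return []
    token = basic_token(raw)
    if token is None:
        return []
    try:
        decoded = base64.b64decode(token, validate=True)
    except (binascii.Error, ValueError):
        # Not valid base64: fall back to the encoded size (4 chars carry 3 bytes).
        return ["token"] if len(token) > MAX_FIELD_LEN * 4 // 3 else []
    user, _, password = decoded.partition(b":")
    findings = []
    if len(user) > MAX_FIELD_LEN:
        findings.append("username")
    if len(password) > MAX_FIELD_LEN:
        findings.append("password")
    return findings

def sample_request(user: bytes, password: bytes) -> bytes:
    """Build a constructed test request to the /http/ path named on the page."""
    token = base64.b64encode(user + b":" + password)
    return b"GET /http/ HTTP/1.0\r\nAuthorization: Basic " + token + b"\r\n\r\n"

if __name__ == "__main__":
    print(inspect_request(7144, sample_request(b"alice", b"secret")))
    print(inspect_request(7144, sample_request(b"alice", b"A" * 300)))
```

Decoding the credential before measuring it separates the username from the password, so an alert names the field that exceeded the threshold rather than only the header size.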