CVE-2009-4243
Published: 2010-01-25
CVE-2009-4243: RealNetworks RealPlayer 10, RealPlayer 10.5 6.0.12.1040 through 6.0.12.1741, RealPlayer 11 11.0.0 through 11.0.4, RealPlayer Enterprise, Mac RealPlayer 10 and…
Priority: P344 · critical · 9.3 (CVSS 2.0)
CVSS 2.0 vector: AV:N/AC:M/Au:N/C:C/I:C/A:C
EPSS: 3.42% (87.4th percentile)
RealNetworks RealPlayer 10, RealPlayer 10.5 6.0.12.1040 through 6.0.12.1741, RealPlayer 11 11.0.0 through 11.0.4, RealPlayer Enterprise, Mac RealPlayer 10 and 10.1, Linux RealPlayer 10, and Helix Player 10.x allow remote attackers to have an unspecified impact via a crafted media file that uses HTTP chunked transfer coding, related to an "overflow."
Affected (15 ranges)
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| realnetworks | helix_player | — | — |
| realnetworks | helix_player | — | — |
| realnetworks | helix_player | — | — |
| realnetworks | realplayer | — | — |
| realnetworks | realplayer | — | — |
| realnetworks | realplayer | — | — |
| realnetworks | realplayer | — | — |
| realnetworks | realplayer | — | — |
| realnetworks | realplayer | — | — |
| realnetworks | realplayer | — | — |
| realnetworks | realplayer | — | — |
| realnetworks | realplayer | — | — |
| realnetworks | realplayer | — | — |
| realnetworks | realplayer_sp | — | — |
| realnetworks | realplayer_sp | — | — |
CVSS provenance
| Source | CVSS version | Score | Severity | Vector |
|---|---|---|---|---|
| nvd | 2.0 | 9.3 | CRITICAL | AV:N/AC:M/Au:N/C:C/I:C/A:C |
| vendor_redhat | — | 9.3 | CRITICAL | — |
Red Hat
RealPlayer: HTTP chunk encoding overflow
vendor_redhat · 2008-01-17 · CVSS 9.3
CVE-2009-4243 [CRITICAL] RealPlayer: HTTP chunk encoding overflow
GHSA
GHSA-wxqf-m3q4-9hgg: RealNetworks RealPlayer 10, RealPlayer 10
ghsa_unreviewed · 2022-05-02
CVE-2009-4243 [HIGH] CWE-119 GHSA-wxqf-m3q4-9hgg: RealNetworks RealPlayer 10, RealPlayer 10
No detection rules found.
Bugzilla
CVE-2022-50021 kernel: ext4: block range must be validated before use in ext4_mb_clear_bb()
bugzilla · 2025-06-18 · CVSS 7.8
CVE-2022-50021 [HIGH] CVE-2022-50021 kernel: ext4: block range must be validated before use in ext4_mb_clear_bb()
In the Linux kernel, the following vulnerability has been resolved:
ext4: block range must be validated before use in ext4_mb_clear_bb()
Block range to free is validated in ext4_free_blocks() using
ext4_inode_block_valid() and then it's passed to ext4_mb_clear_bb().
However in some situations on bigalloc file system the range might be
adjusted after the validation in ext4_free_blocks() which can lead to
troubles on corrupted file systems such as one found by syzkaller that
resulted in the following BUG
kernel BUG at fs/ext4/ext4.h:3319!
PREEMPT SMP NOPTI
CPU: 28 PID: 4243 Comm: repro Kdump: loaded Not tainted 5.19.0-rc6+ #1
Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.15.0-1.fc35 0
Bugzilla
CVE-2009-4243 HelixPlayer / RealPlayer: HTTP chunk encoding overflow
bugzilla · 2010-02-03 · CVSS 9.3
CVE-2009-4243 [CRITICAL] CVE-2009-4243 HelixPlayer / RealPlayer: HTTP chunk encoding overflow
Common Vulnerabilities and Exposures assigned an identifier CVE-2009-4243 to the following vulnerability:
RealNetworks RealPlayer 10, RealPlayer 10.5 6.0.12.1040 through 6.0.12.1741,
RealPlayer 11 11.0.0 through 11.0.4, RealPlayer Enterprise, Mac RealPlayer 10
and 10.1, Linux RealPlayer 10, and Helix Player 10.x allow remote attackers to
have an unspecified impact via a crafted media file that uses HTTP chunked
transfer coding, related to an "overflow."
References:
http://service.real.com/realplayer/security/01192010_player/en/
http://xforce.iss.net/xforce/xfdb/55796
Discussion:
Upstream patch:
http://lists.helixcommunity.org/pipermail/filesystem-cvs/2008-January/000676.html
https://helixcommunity.org/viewcvs/filesys
Bugzilla
HelixPlayer / RealPlayer: multiple security issues (01192010_player)
bugzilla · 2010-01-29 · CVSS 9.3
[CRITICAL] HelixPlayer / RealPlayer: multiple security issues (01192010_player)
RealNetworks has published a security advisory mentioning 11 security issues affecting various RealPlayer / HelixPlayer versions:
http://service.real.com/realplayer/security/01192010_player/en/
Upstream advisory does not specify which issues should be applicable to HelixPlayer 1.0.x versions (Affected? By various).
Some of the issues are covered by 3rd party advisories (e.g. ZDI) listed below.
Vulnerability 1:
The identified vulnerability is a RealPlayer ASM Rulebook heap-based buffer overflow: CVE-2009-4241
http://www.zerodayinitiative.com/advisories/ZDI-10-005/
Vulnerability 2:
The identified vulnerability is a RealPlayer GIF file Heap Overflow: CVE-2009-4242
http://www.zerodayinitiative.com/advisories/ZDI-10-006/
References:
http://osvdb.org/61967
http://secunia.com/advisories/38218
http://securitytracker.com/id?1023489
http://service.real.com/realplayer/security/01192010_player/en/
http://www.securityfocus.com/bid/37880
http://www.vupen.com/english/advisories/2010/0178
https://exchange.xforce.ibmcloud.com/vulnerabilities/55796
Published: 2010-01-25