CVE-2018-18820
published 2018-11-05


Priority: P2 · 62 · high
CVSS 3.0: 8.1 (AV:N / AC:H / PR:N / UI:N / S:U / C:H / I:H / A:H)
EPSS: 48.94% (98.7th percentile)
A buffer overflow was discovered in the URL-authentication backend of the Icecast before 2.4.4. If the backend is enabled, then any malicious HTTP client can send a request for that specific resource including a crafted header, leading to denial of service and potentially remote code execution.

Affected (4 ranges)

Vendor   Product        Version range                    Fixed in
debian   debian_linux   (none listed)                    (none listed)
debian   debian_linux   (none listed)                    (none listed)
debian   icecast2       < icecast2 2.4.4-1 (bookworm)    icecast2 2.4.4-1 (bookworm)
xiph     icecast        < 2.4.4                          2.4.4

Detection & IOCs (extracted from sources)

  • The vulnerability is triggered by a crafted HTTP header in a request for a resource protected by Icecast's URL-authentication backend. Monitor for anomalous or oversized HTTP headers in requests to mounts that use URL auth.
  • The overflow lies in the URL-authentication backend (the URL auth code) itself, so detection should focus on Icecast instances with URL auth enabled; the backend must be enabled for the bug to be reachable.
  • Patch commits for this vulnerability are available and can be used for diff-based detection rule development or to confirm the patched state of a host.
  • Only Icecast instances where the URL-authentication backend is explicitly enabled in the configuration are affected. Instances that do not use URL auth are not exploitable.
  • Fixed in Icecast 2.4.4. Any deployment running a version earlier than 2.4.4 with URL auth enabled should be treated as vulnerable.
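The two exposure conditions above (version before 2.4.4, and at least one mount with the URL-authentication backend enabled) can be checked directly against a host's icecast.xml. The following script is an added example, not code from this page or from the Icecast project. It assumes the Icecast 2.4 mount syntax `<authentication type="url">` documented by the project; the sample configuration and the version banners it is run against are constructed for the example.

```python
"""Check an Icecast 2.4.x configuration for exposure to CVE-2018-18820.

Exposure requires both conditions from the advisory: a server version
before 2.4.4 and at least one mount whose <authentication> element has
type="url" (the URL-authentication backend).
"""
import re
import xml.etree.ElementTree as ET

FIXED_VERSION = (2, 4, 4)

# Constructed sample icecast.xml (not a real deployment): one mount uses
# URL auth, one uses htpasswd, one has no authentication block at all.
SAMPLE_CONFIG = """<icecast>
  <mount>
    <mount-name>/live.ogg</mount-name>
    <authentication type="url">
      <option name="listener_add" value="http://auth.example.invalid/join"/>
      <option name="headers" value="x-token"/>
    </authentication>
  </mount>
  <mount>
    <mount-name>/members.ogg</mount-name>
    <authentication type="htpasswd">
      <option name="filename" value="/etc/icecast2/members.auth"/>
    </authentication>
  </mount>
  <mount>
    <mount-name>/public.ogg</mount-name>
  </mount>
</icecast>
"""


def parse_version(text):
    """Extract an (x, y, z) tuple from strings such as 'Icecast 2.4.3'
    (the Server header) or 'icecast2 2.4.4-1' (a Debian package version)."""
    m = re.search(r"(\d+)\.(\d+)\.(\d+)", text)
    if not m:
        raise ValueError(f"no x.y.z version found in {text!r}")
    return tuple(int(part) for part in m.groups())


def url_auth_mounts(config_xml):
    """Return the mount names whose <authentication> element has type="url"."""
    root = ET.fromstring(config_xml)
    hits = []
    for mount in root.iter("mount"):
        auth = mount.find("authentication")
        if auth is not None and auth.get("type", "").lower() == "url":
            hits.append(mount.findtext("mount-name", default="<unnamed>"))
    return hits


def assess(version_text, config_xml):
    """Combine the version check and the config check into one verdict.

    'exposed' is True only when both advisory conditions hold: the version
    predates the fix AND at least one mount enables the URL-auth backend.
    """
    version = parse_version(version_text)
    mounts = url_auth_mounts(config_xml)
    return {
        "version": version,
        "version_vulnerable": version < FIXED_VERSION,
        "url_auth_mounts": mounts,
        "exposed": version < FIXED_VERSION and bool(mounts),
    }


if __name__ == "__main__":
    for banner in ("Icecast 2.4.3", "Icecast 2.4.4"):
        print(banner, "->", assess(banner, SAMPLE_CONFIG))
```

The version comparison is against the upstream number only; distribution packages that backport the fix under an older version string would be reported as vulnerable, so on such hosts confirm against the package changelog or the patch commits rather than the banner alone.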

CVSS provenance

Source          Version   Score   Severity   Vector
nvd             v3.0      8.1     HIGH       CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
nvd             v2.0      6.8     MEDIUM     AV:N/AC:M/Au:N/C:P/I:P/A:P
osv                       8.1     HIGH
vendor_debian             8.1     HIGH