Debian Icecast2 vulnerabilities
7 known vulnerabilities affecting debian/icecast2.
Total CVEs: 7
CISA KEV: 0
Public exploits: 1
Exploited in wild: 0
Severity breakdown: HIGH 2, MEDIUM 4, LOW 1
Vulnerabilities
CVE-2004-1561 | P2 | HIGH | CVSS 7.5 | PoC | fixed in icecast2 2.0.2.debian-1 (bookworm) | 2004
Buffer overflow in Icecast 2.0.1 and earlier allows remote attackers to execute arbitrary code via an HTTP request with a large number of headers.
Scope: local
bookworm: resolved (fixed in 2.0.2.debian-1)
bullseye: resolved (fixed in 2.0.2.debian-1)
forky: resolved (fixed in 2.0.2.debian-1)
sid: resolved (fixed in 2.0.2.debian-1)
trixie: resolved (fixed in 2.0.2.debi
debian
CVE-2018-18820 | P2 | HIGH | CVSS 8.1 | fixed in icecast2 2.4.4-1 (bookworm) | 2018
A buffer overflow was discovered in the URL-authentication backend of the Icecast before 2.4.4. If the backend is enabled, then any malicious HTTP client can send a request for that specific resource including a crafted header, leading to denial of service and potentially remote code execution.
Scope: local
bookworm: resolved (fixed in 2.4.4-1)
bullseye: resolved (
CVE-2015-3026 | P4 | MEDIUM | CVSS 5.0 | fixed in icecast2 2.4.2-1 (bookworm) | 2015
Icecast before 2.4.2, when a stream_auth handler is defined for URL authentication, allows remote attackers to cause a denial of service (NULL pointer dereference and crash) via a request without login credentials, as demonstrated by a request to "admin/killsource?mount=/test.ogg."
Scope: local
bookworm: resolved (fixed in 2.4.2-1)
bullseye: resolved (fixed in 2.4.
CVE-2014-9018 | P4 | MEDIUM | CVSS 5.0 | fixed in icecast2 2.4.0-1.1 (bookworm) | 2014
Icecast before 2.4.1 transmits the output of the on-connect script, which might allow remote attackers to obtain sensitive information, related to shared file descriptors.
Scope: local
bookworm: resolved (fixed in 2.4.0-1.1)
bullseye: resolved (fixed in 2.4.0-1.1)
forky: resolved (fixed in 2.4.0-1.1)
sid: resolved (fixed in 2.4.0-1.1)
trixie: resolved (fixed in 2.4
CVE-2004-2027 | P4 | MEDIUM | CVSS 5.0 | fixed in icecast2 2.0.1.debian-1 (bookworm) | 2004
Buffer overflow in Icecast 2.0.0 and earlier allows remote attackers to cause a denial of service (crash) via a long Basic Authorization header that triggers an out-of-bounds read.
Scope: local
bookworm: resolved (fixed in 2.0.1.debian-1)
bullseye: resolved (fixed in 2.0.1.debian-1)
forky: resolved (fixed in 2.0.1.debian-1)
sid: resolved (fixed in 2.0.1.debian-1)
t
CVE-2011-4612 | P4 | MEDIUM | CVSS 5.0 | fixed in icecast2 2.3.3-1 (bookworm) | 2011
Icecast before 2.3.3 allows remote attackers to inject control characters such as newlines into the error log (error.log) via a crafted URL.
Scope: local
bookworm: resolved (fixed in 2.3.3-1)
bullseye: resolved (fixed in 2.3.3-1)
forky: resolved (fixed in 2.3.3-1)
sid: resolved (fixed in 2.3.3-1)
trixie: resolved (fixed in 2.3.3-1)
CVE-2014-9091 | P4 | LOW | CVSS 4.6 | fixed in icecast2 2.4.0-1 (bookworm) | 2014
CVE-2014-9091 [MEDIUM] CVE-2014-9091: icecast2 - Icecast before 2.4.0 does not change the supplementary group privileges when <ch...
Icecast before 2.4.0 does not change the supplementary group privileges when is configured, which allows local users to gain privileges via unspecified vectors.
Scope: local
bookworm: resolved (fixed in 2.4.0-1)
bullseye: resolved (fixed in 2.4.0-1)
forky: resolved (fixed in 2.4.0-1)
sid: resolved (fixed in 2.4.0-1)
trixie: resolved (fixed in 2.4.0-1)