Xiph Icecast vulnerabilities
3 known vulnerabilities affecting xiph/icecast.
Total CVEs
3
CISA KEV
0
Public exploits
0
Exploited in wild
0
Severity breakdown
HIGH1MEDIUM2
Vulnerabilities
Page 1 of 1
CVE-2018-18820P2HIGHCVSS 8.1fixed in 2.4.42018-11-05
CVE-2018-18820 [HIGH] CWE-119 CVE-2018-18820: A buffer overflow was discovered in the URL-authentication backend of the Icecast before 2.4.4. If t
A buffer overflow was discovered in the URL-authentication backend of the Icecast before 2.4.4. If the backend is enabled, then any malicious HTTP client can send a request for that specific resource including a crafted header, leading to denial of service and potentially remote code execution.
nvd
CVE-2015-3026P4MEDIUMCVSS 5.0≤ 2.4.12015-04-29
CVE-2015-3026 [MEDIUM] CVE-2015-3026: Icecast before 2.4.2, when a stream_auth handler is defined for URL authentication, allows remote at
Icecast before 2.4.2, when a stream_auth handler is defined for URL authentication, allows remote attackers to cause a denial of service (NULL pointer dereference and crash) via a request without login credentials, as demonstrated by a request to "admin/killsource?mount=/test.ogg."
nvd
CVE-2011-4612P4MEDIUMCVSS 5.0≤ 2.3.22012-11-20
CVE-2011-4612 [MEDIUM] CWE-20 CVE-2011-4612: icecast before 2.3.3 allows remote attackers to inject control characters such as newlines into the
icecast before 2.3.3 allows remote attackers to inject control characters such as newlines into the error loc (error.log) via a crafted URL.
nvd