QwikSec

Security Database

CVE

CWE

Training

CVE-2005-2922

Published: Mar 23, 2006

Modified: Aug 7, 2024

PUBLISHED

Description

Heap-based buffer overflow in the embedded player in multiple RealNetworks products and versions including RealPlayer 10.x, RealOne Player, and Helix Player allows remote malicious servers to cause a denial of service (crash) and possibly execute arbitrary code via a chunked Transfer-Encoding HTTP response in which either (1) the chunk header length is specified as -1, (2) the chunk header with a length that is less than the actual amount of sent data, or (3) a missing chunk header.

Vendor	Product	Versions
n/a	n/a	affected `n/a`

References

http://www.service.real.com/realplayer/security/03162006_player/en/

x_refsource_CONFIRM

third-party-advisory

x_refsource_SECUNIA

oval:org.mitre.oval:def:11444

vdb-entry

signature

x_refsource_OVAL

SUSE-SA:2006:018

vendor-advisory

x_refsource_SUSE

vdb-entry

x_refsource_VUPEN

vdb-entry

x_refsource_SECTRACK

vendor-advisory

x_refsource_REDHAT

realnetworks-chunked-transferencoding-bo(25409)

vdb-entry

x_refsource_XF

third-party-advisory

x_refsource_SECUNIA

vdb-entry

x_refsource_BID

third-party-advisory

x_refsource_CERT-VN

vendor-advisory

x_refsource_REDHAT

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.