QwikSec

Security Database

CVE

CWE

Training

CVE-2009-4247

Published: Jan 25, 2010

Modified: Aug 7, 2024

PUBLISHED

Description

Stack-based buffer overflow in protocol/rtsp/rtspclnt.cpp in RealNetworks RealPlayer 10; RealPlayer 10.5 6.0.12.1040 through 6.0.12.1741; RealPlayer 11 11.0.x; RealPlayer SP 1.0.0 and 1.0.1; RealPlayer Enterprise; Mac RealPlayer 10, 10.1, 11.0, and 11.0.1; Linux RealPlayer 10, 11.0.0, and 11.0.1; and Helix Player 10.x, 11.0.0, and 11.0.1 allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via an ASM RuleBook with a large number of rules, related to an "array overflow."

Vendor	Product	Versions
n/a	n/a	affected `n/a`

References

vendor-advisory

x_refsource_REDHAT

vdb-entry

x_refsource_VUPEN

vdb-entry

x_refsource_SECTRACK

http://service.real.com/realplayer/security/01192010_player/en/

x_refsource_CONFIRM

third-party-advisory

x_refsource_SECUNIA

oval:org.mitre.oval:def:10677

vdb-entry

signature

x_refsource_OVAL

[protocol-cvs] 20090828 rtsp rtspclnt.cpp,1.244,1.245

mailing-list

x_refsource_MLIST

https://helixcommunity.org/viewcvs/protocol/rtsp/rtspclnt.cpp?view=log#rev1.245

x_refsource_CONFIRM

[helix-client-dev] 20090828 CR: 249097 - Security fix - urgent CR requested

mailing-list

x_refsource_MLIST

third-party-advisory

x_refsource_SECUNIA

https://bugzilla.redhat.com/show_bug.cgi?id=561338

x_refsource_CONFIRM

vdb-entry

x_refsource_BID

realplayer-rulebook-overflow(55802)

vdb-entry

x_refsource_XF

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.