Back to search
CVE-2015-3026
Published: Apr 29, 2015
Modified: Aug 6, 2024
PUBLISHED
Description
Icecast before 2.4.2, when a stream_auth handler is defined for URL authentication, allows remote attackers to cause a denial of service (NULL pointer dereference and crash) via a request without login credentials, as demonstrated by a request to "admin/killsource?mount=/test.ogg."
| Vendor | Product | Versions |
|---|---|---|
n/a | n/a | affected n/a |
References
FEDORA-2015-13077
vendor-advisory
x_refsource_FEDORA
FEDORA-2015-13106
vendor-advisory
x_refsource_FEDORA
openSUSE-SU-2015:0728
vendor-advisory
x_refsource_SUSE
GLSA-201508-03
vendor-advisory
x_refsource_GENTOO
FEDORA-2015-13083
vendor-advisory
x_refsource_FEDORA
[Icecast-dev] 20150408 Icecast 2.4.2 - security release
mailing-list
x_refsource_MLIST
https://trac.xiph.org/ticket/2191
x_refsource_CONFIRM
[oss-security] 20150408 CVE Request for Icecast 2.3.3, 2.4.0, 2.4.1, fixed in 2.4.2
mailing-list
x_refsource_MLIST
https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=782120
x_refsource_CONFIRM
73965
vdb-entry
x_refsource_BID
DSA-3239
vendor-advisory
x_refsource_DEBIAN
[oss-security] 20150408 Re: CVE Request for Icecast 2.3.3, 2.4.0, 2.4.1, fixed in 2.4.2
mailing-list
x_refsource_MLIST
Security Training
Train your team to recognize and prevent security threats with our comprehensive security awareness program.
Start TrainingVulnerability Scanning
Discover vulnerabilities in your applications and infrastructure before attackers do.
Scan Now