Lucene search

[email protected]CVE-2006-3668

HistoryJul 18, 2006 - 3:47 p.m.

CVE-2006-3668

2006-07-1815:47:00

CWE-119

[email protected]

web.nvd.nist.gov

cve-2006-3668

dumb

buffer overflow

arbitrary code execution

it_read_envelope

nvd

7.6 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

HIGH

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:H/Au:N/C:C/I:C/A:C

7.5 High

AI Score

Confidence

Low

0.027 Low

EPSS

Percentile

90.6%

JSON

Heap-based buffer overflow in the it_read_envelope function in Dynamic Universal Music Bibliotheque (DUMB) 0.9.3 and earlier and current CVS as of 20060716, including libdumb, allows user-assisted attackers to execute arbitrary code via a “.it” (Impulse Tracker) file with an envelope with a large number of nodes.

Affected configurations

NVD

Node

dynamic_universal_music_bibliothequedumbRange≤0.9.3

CPENameOperatorVersion
dynamic_universal_music_bibliotheque:dumbdynamic universal music bibliotheque dumble0.9.3

CPE	Name	Operator	Version
dynamic_universal_music_bibliotheque:dumb	dynamic universal music bibliotheque dumb	le	0.9.3

References

aluigi.altervista.org/adv/dumbit-adv.txt

secunia.com/advisories/21092

secunia.com/advisories/21184

secunia.com/advisories/21416

securityreason.com/securityalert/1240

www.debian.org/security/2006/dsa-1123

www.gentoo.org/security/en/glsa/glsa-200608-14.xml

www.securityfocus.com/bid/19025

www.vupen.com/english/advisories/2006/2835

exchange.xforce.ibmcloud.com/vulnerabilities/27789

7.6 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

HIGH

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:H/Au:N/C:C/I:C/A:C

7.5 High

AI Score

Confidence

Low

0.027 Low

EPSS

Percentile

90.6%

JSON

Related for CVE-2006-3668

nessus3 gentoo1 debian1 openvas4 cvelist1 securityvulns1 nvd1 ubuntucve1 debiancve1