Lucene search

K
cveMitreCVE-2009-4097
HistoryNov 29, 2009 - 1:08 p.m.

CVE-2009-4097

2009-11-2913:08:29
CWE-119
mitre
web.nvd.nist.gov
23
cve-2009-4097
buffer overflow
serenity audio player
remote code execution
m3u file
security vulnerability

CVSS2

9.3

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:M/Au:N/C:C/I:C/A:C

AI Score

8

Confidence

High

EPSS

0.109

Percentile

95.1%

Stack-based buffer overflow in the MplayInputFile function in Serenity Audio Player 3.2.3 and earlier allows remote attackers to execute arbitrary code via a long URL in an M3U file. NOTE: some of these details are obtained from third party information.

Affected configurations

Nvd
Node
malsmithserenity_audio_playerRange3.2.3
OR
malsmithserenity_audio_playerMatch3.0.1
OR
malsmithserenity_audio_playerMatch3.0.2
OR
malsmithserenity_audio_playerMatch3.2.0
OR
malsmithserenity_audio_playerMatch3.2.1
OR
malsmithserenity_audio_playerMatch3.2.2
VendorProductVersionCPE
malsmithserenity_audio_player*cpe:2.3:a:malsmith:serenity_audio_player:*:*:*:*:*:*:*:*
malsmithserenity_audio_player3.0.1cpe:2.3:a:malsmith:serenity_audio_player:3.0.1:*:*:*:*:*:*:*
malsmithserenity_audio_player3.0.2cpe:2.3:a:malsmith:serenity_audio_player:3.0.2:*:*:*:*:*:*:*
malsmithserenity_audio_player3.2.0cpe:2.3:a:malsmith:serenity_audio_player:3.2.0:*:*:*:*:*:*:*
malsmithserenity_audio_player3.2.1cpe:2.3:a:malsmith:serenity_audio_player:3.2.1:*:*:*:*:*:*:*
malsmithserenity_audio_player3.2.2cpe:2.3:a:malsmith:serenity_audio_player:3.2.2:*:*:*:*:*:*:*

CVSS2

9.3

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:M/Au:N/C:C/I:C/A:C

AI Score

8

Confidence

High

EPSS

0.109

Percentile

95.1%

Related for CVE-2009-4097