CVE-2009-4097

2009-11-2913:08:29

CWE-119

[email protected]

web.nvd.nist.gov

CVSS2

9.3

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:N/AC:M/Au:N/C:C/I:C/A:C

AI Score

Confidence

High

EPSS

0.109

Percentile

95.1%

JSON

Stack-based buffer overflow in the MplayInputFile function in Serenity Audio Player 3.2.3 and earlier allows remote attackers to execute arbitrary code via a long URL in an M3U file. NOTE: some of these details are obtained from third party information.

Affected configurations

Nvd

Node

malsmithserenity_audio_playerRange≤3.2.3

malsmithserenity_audio_playerMatch3.0.1

malsmithserenity_audio_playerMatch3.0.2

malsmithserenity_audio_playerMatch3.2.0

malsmithserenity_audio_playerMatch3.2.1

malsmithserenity_audio_playerMatch3.2.2

VendorProductVersionCPE
malsmithserenity_audio_player*cpe:2.3:a:malsmith:serenity_audio_player:*:*:*:*:*:*:*:*
malsmithserenity_audio_player3.0.1cpe:2.3:a:malsmith:serenity_audio_player:3.0.1:*:*:*:*:*:*:*
malsmithserenity_audio_player3.0.2cpe:2.3:a:malsmith:serenity_audio_player:3.0.2:*:*:*:*:*:*:*
malsmithserenity_audio_player3.2.0cpe:2.3:a:malsmith:serenity_audio_player:3.2.0:*:*:*:*:*:*:*
malsmithserenity_audio_player3.2.1cpe:2.3:a:malsmith:serenity_audio_player:3.2.1:*:*:*:*:*:*:*
malsmithserenity_audio_player3.2.2cpe:2.3:a:malsmith:serenity_audio_player:3.2.2:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
malsmith	serenity_audio_player	*	cpe:2.3:a:malsmith:serenity_audio_player::::::::
malsmith	serenity_audio_player	3.0.1	cpe:2.3:a:malsmith:serenity_audio_player:3.0.1:::::::*
malsmith	serenity_audio_player	3.0.2	cpe:2.3:a:malsmith:serenity_audio_player:3.0.2:::::::*
malsmith	serenity_audio_player	3.2.0	cpe:2.3:a:malsmith:serenity_audio_player:3.2.0:::::::*
malsmith	serenity_audio_player	3.2.1	cpe:2.3:a:malsmith:serenity_audio_player:3.2.1:::::::*
malsmith	serenity_audio_player	3.2.2	cpe:2.3:a:malsmith:serenity_audio_player:3.2.2:::::::*