CVE-2009-2550

  1. OpenCVE
  2. Vulnerabilities (CVE)
  3. CVE-2009-2550
Stack-based buffer overflow in Hamster Audio Player 0.3a allows remote attackers to execute arbitrary code via a long string in a (1) .m3u or (2) .hpl playlist file.

9.3 /10

CVSS v2.0 : HIGH

V2 Legend

Vector : AV:N/AC:M/Au:N/C:C/I:C/A:C

Exploitability : 8.6 / Impact : 10.0

Access Vector NETWORK

Access Complexity MEDIUM

Authentication NONE

Confidentiality Impact COMPLETE

Integrity Impact COMPLETE

Availability Impact COMPLETE

References
Link Resource
http://osvdb.org/55871 Broken Link
http://secunia.com/advisories/35825 Broken Link Vendor Advisory
https://exchange.xforce.ibmcloud.com/vulnerabilities/51732 Third Party Advisory VDB Entry
http://www.exploit-db.com/exploits/9172 Third Party Advisory VDB Entry
http://www.exploit-db.com/exploits/9157 Third Party Advisory VDB Entry
Configurations

Configuration 1 (hide)

cpe:2.3:a:ondanera:hamster_audio_player:0.3a:*:*:*:*:*:*:*
History

14 Feb 2024, 17:21

Type Values Removed Values Added
CPE cpe:2.3:a:ondanera.net:hamster_audio_player:0.3a:*:*:*:*:*:*:* cpe:2.3:a:ondanera:hamster_audio_player:0.3a:*:*:*:*:*:*:*
CWE CWE-119 CWE-787
References (EXPLOIT-DB) http://www.exploit-db.com/exploits/9157 - (EXPLOIT-DB) http://www.exploit-db.com/exploits/9157 - Third Party Advisory, VDB Entry
References (OSVDB) http://osvdb.org/55871 - (OSVDB) http://osvdb.org/55871 - Broken Link
References (EXPLOIT-DB) http://www.exploit-db.com/exploits/9172 - (EXPLOIT-DB) http://www.exploit-db.com/exploits/9172 - Third Party Advisory, VDB Entry
References (XF) https://exchange.xforce.ibmcloud.com/vulnerabilities/51732 - (XF) https://exchange.xforce.ibmcloud.com/vulnerabilities/51732 - Third Party Advisory, VDB Entry
References (SECUNIA) http://secunia.com/advisories/35825 - Vendor Advisory (SECUNIA) http://secunia.com/advisories/35825 - Broken Link, Vendor Advisory
First Time Ondanera
Ondanera hamster Audio Player
Information

Published : 2009-07-20 20:00

Updated : 2024-02-14 17:21

NVD link : CVE-2009-2550

Mitre link : CVE-2009-2550

JSON object : View

Products Affected

ondanera

  • hamster_audio_player
CWE
CWE-787

Out-of-bounds Write