CVE-2006-3355
mpg123 - Heap-based Buffer Overflow via Long URL in httpdget.c
Title source: llmExploitation Summary
EIP tracks 1 public exploit for CVE-2006-3355. PoCs published by Horst Schirmeier.
AI-analyzed exploit summary This exploit demonstrates a remote buffer overflow in mpg123 by sending a maliciously crafted HTTP response with an overly long 'Location' header. The vulnerability is specific to a patch applied to the Gentoo Linux version of mpg123.
Description
Heap-based buffer overflow in httpdget.c in mpg123 before 0.59s-rll allows remote attackers to execute arbitrary code via a long URL, which is not properly terminated before being used with the strncpy function. NOTE: This appears to be the result of an incomplete patch for CVE-2004-0982.
Exploits (1)
This exploit demonstrates a remote buffer overflow in mpg123 by sending a maliciously crafted HTTP response with an overly long 'Location' header. The vulnerability is specific to a patch applied to the Gentoo Linux version of mpg123.