CVE-2007-6454

PeerCast < 0.1217 - Heap-Based Buffer Overflow via Long SOURCE Request

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2007-6454. PoCs published by Luigi Auriemma.

AI-analyzed exploit summary The provided text describes multiple buffer-overflow vulnerabilities in PeerCast due to insufficient bounds-checking of user-supplied input. Exploitation could lead to arbitrary code execution with the privileges of the user running the application.

Description

Heap-based buffer overflow in the handshakeHTTP function in servhs.cpp in PeerCast 0.1217 and earlier, and SVN 344 and earlier, allows remote attackers to cause a denial of service and possibly execute arbitrary code via a long SOURCE request.

Exploits (1)

exploitdb WRITEUP VERIFIED

by Luigi Auriemma · textdoslinux

https://www.exploit-db.com/exploits/30894

View Code ZIP pw:eip

The provided text describes multiple buffer-overflow vulnerabilities in PeerCast due to insufficient bounds-checking of user-supplied input. Exploitation could lead to arbitrary code execution with the privileges of the user running the application.

Classification

Writeup 90%

Attack Type

Rce

Complexity

Moderate

Reliability

Theoretical

Target: PeerCast 0.12.17, SVN 334 and prior versions

No auth needed

Prerequisites: Network access to the target application · Ability to send crafted input to the application

MITRE ATT&CK

T1190 - Exploit Public-Facing Application

devstral-2 · analyzed Feb 16, 2026 Full analysis →

References (15)

Core 15

Core References

Third Party Advisory vendor-advisory x_refsource_gentoo

http://www.gentoo.org/security/en/glsa/glsa-200801-22.xml

Exploit, Patch vdb-entry x_refsource_bid

http://www.securityfocus.com/bid/26899

Issue Tracking x_refsource_misc

http://bugs.gentoo.org/show_bug.cgi?id=202747

Third Party Advisory third-party-advisory x_refsource_secunia

http://secunia.com/advisories/28719

Third Party Advisory, VDB Entry vdb-entry x_refsource_xf

https://exchange.xforce.ibmcloud.com/vulnerabilities/39075

Third Party Advisory vendor-advisory x_refsource_debian

http://www.debian.org/security/2008/dsa-1583

Vendor Advisory third-party-advisory x_refsource_secunia

http://secunia.com/advisories/28120

Third Party Advisory third-party-advisory x_refsource_secunia

http://secunia.com/advisories/30325

Third Party Advisory, VDB Entry mailing-list x_refsource_bugtraq

http://www.securityfocus.com/archive/1/485199/100/0/threaded

Third Party Advisory third-party-advisory x_refsource_secunia

http://secunia.com/advisories/28260

Third Party Advisory vendor-advisory x_refsource_debian

http://www.debian.org/security/2007/dsa-1441

Exploit x_refsource_misc

http://aluigi.altervista.org/adv/peercasthof-adv.txt

Issue Tracking x_refsource_misc

http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=457300

Third Party Advisory vdb-entry x_refsource_vupen

http://www.vupen.com/english/advisories/2007/4246

Third Party Advisory third-party-advisory x_refsource_sreason

http://securityreason.com/securityalert/3461

Scores

EPSS 0.1680

EPSS Percentile 96.6%

Details

CWE

CWE-119

Status published

Products (4)

peercast/peercast 0.1211

peercast/peercast 0.1212

peercast/peercast 0.1215

peercast/peercast < 0.1217

Published Dec 20, 2007

Tracked Since Feb 18, 2026