Description
icecast before 2.3.3 allows remote attackers to inject control characters such as newlines into the error loc (error.log) via a crafted URL.
References (4)
Core 4
Core References
Issue Tracking x_refsource_misc
https://bugzilla.redhat.com/show_bug.cgi?id=768176
Third Party Advisory vendor-advisory
x_refsource_fedora
http://lists.fedoraproject.org/pipermail/package-announce/2012-October/090668.html
Third Party Advisory vendor-advisory
x_refsource_fedora
http://lists.fedoraproject.org/pipermail/package-announce/2012-October/090695.html
Patch, Vendor Advisory x_refsource_confirm
http://www.icecast.org/
Scores
EPSS
0.0220
EPSS Percentile
80.4%
Details
CWE
CWE-20
Status
published
Products (1)
xiph/icecast
< 2.3.2
Published
Nov 20, 2012
Tracked Since
Feb 18, 2026