CVE-2018-18820

HIGH

Icecast < 2.4.4 - Buffer Overflow in URL-Authentication Backend

Exploitation Summary

EIP tracks 1 public exploit for CVE-2018-18820. PoCs published by impulsiveness.

AI-analyzed exploit summary: This repository contains a Python script that checks for the presence of CVE-2018-18820 in Icecast servers by detecting vulnerable versions (2.4.4 and below). It scans common ports and schemes to identify the Icecast version via server headers or XSL files.

Description

A buffer overflow was discovered in the URL-authentication backend of Icecast before 2.4.4. If the backend is enabled, any malicious HTTP client can send a request for that specific resource including a crafted header, leading to denial of service and potentially remote code execution.

Exploits (1)

nomisec SCANNER 2 stars
by impulsiveness · poc
https://github.com/impulsiveness/CVE-2018-18820

Classification: Scanner 95%
Attack Type: Info Leak
Complexity: Trivial
Reliability: Reliable
Target: Icecast versions 2.4.4 and below
No auth needed
Prerequisites: Network access to the target Icecast server · Icecast server running on standard ports (80, 8000, 8080, 443)
devstral-2 · analyzed Feb 16, 2026

References (5)

Core References
Third Party Advisory, VDB Entry vdb-entry x_refsource_sectrack
http://www.securitytracker.com/id/1042019
Mitigation, Third Party Advisory vendor-advisory x_refsource_gentoo
https://security.gentoo.org/glsa/201811-09
Third Party Advisory mailing-list x_refsource_mlist
https://lists.debian.org/debian-lts-announce/2018/11/msg00033.html
Mailing List, Patch, Third Party Advisory mailing-list x_refsource_mlist
http://www.openwall.com/lists/oss-security/2018/11/01/3
Third Party Advisory vendor-advisory x_refsource_debian
https://www.debian.org/security/2018/dsa-4333

Scores

CVSS v3: 8.1
EPSS: 0.4894
EPSS Percentile: 98.7%
Attack Vector: NETWORK
CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

Details

CWE: CWE-119
Status: published
Products (3):
debian/debian_linux 8.0
debian/debian_linux 9.0
xiph/icecast < 2.4.4
Published: Nov 05, 2018
Tracked Since: Feb 18, 2026