// For flags

CVE-2006-6172

 

Severity Score

9.8
*CVSS v3

Exploit Likelihood

*EPSS

Affected Versions

*CPE

Public Exploits

1
*Multiple Sources

Exploited in Wild

-
*KEV

Decision

-
*SSVC
Descriptions

Buffer overflow in the asmrp_eval function in the RealMedia RTSP stream handler (asmrp.c) for Real Media input plugin, as used in (1) xine/xine-lib, (2) MPlayer 1.0rc1 and earlier, and possibly others, allows remote attackers to cause a denial of service and possibly execute arbitrary code via a rulebook with a large number of rulematches.

Desbordamiento de búfer en la función asmrp_eval para el extensión de entrada a Real Media permite a atacantes remotos provocar una denegación de servicio y la posibilidad de ejecutar código de su elección mediante un libro de reglas con un gran número de coincidencias con estas reglas.

*Credits: N/A
CVSS Scores
Attack Vector
Network
Attack Complexity
Low
Privileges Required
None
User Interaction
None
Scope
Unchanged
Confidentiality
High
Integrity
High
Availability
High
Attack Vector
Network
Attack Complexity
Low
Authentication
None
Confidentiality
Partial
Integrity
Partial
Availability
Partial
* Common Vulnerability Scoring System
SSVC
  • Decision:-
Exploitation
-
Automatable
-
Tech. Impact
-
* Organization's Worst-case Scenario
Timeline
  • 2006-11-30 CVE Reserved
  • 2006-11-30 CVE Published
  • 2024-08-07 CVE Updated
  • 2024-08-07 First Exploit
  • 2025-03-30 EPSS Updated
  • ---------- Exploited in Wild
  • ---------- KEV Due Date
CWE
CAPEC
References (24)
URL Tag Source
http://secunia.com/advisories/23218 Third Party Advisory
http://secunia.com/advisories/23242 Third Party Advisory
http://secunia.com/advisories/23249 Third Party Advisory
http://secunia.com/advisories/23301 Third Party Advisory
http://secunia.com/advisories/23335 Third Party Advisory
http://secunia.com/advisories/23512 Third Party Advisory
http://secunia.com/advisories/23567 Third Party Advisory
http://secunia.com/advisories/24336 Third Party Advisory
http://secunia.com/advisories/24339 Third Party Advisory
http://secunia.com/advisories/25555 Third Party Advisory
http://sourceforge.net/project/shownotes.php?release_id=468432 X_refsource_confirm
http://www.mplayerhq.hu/MPlayer/patches/asmrules_fix_20061231.diff X_refsource_misc
http://www.mplayerhq.hu/design7/news.html#vuln14 X_refsource_confirm
http://www.securityfocus.com/bid/21435 Vdb Entry
http://www.vupen.com/english/advisories/2006/4824 Vdb Entry
URL Date SRC
https://sourceforge.net/tracker/index.php?func=detail&aid=1603458&group_id=9655&atid=109655 2024-08-07
URL Date SRC
URL Date SRC
http://security.gentoo.org/glsa/glsa-200612-02.xml 2011-03-08
http://security.gentoo.org/glsa/glsa-200702-11.xml 2011-03-08
http://slackware.com/security/viewer.php?l=slackware-security&y=2006&m=slackware-security.433842 2011-03-08
http://www.debian.org/security/2006/dsa-1244 2011-03-08
http://www.mandriva.com/security/advisories?name=MDKSA-2006:224 2011-03-08
http://www.mandriva.com/security/advisories?name=MDKSA-2007:112 2011-03-08
http://www.novell.com/linux/security/advisories/2006_28_sr.html 2011-03-08
http://www.ubuntu.com/usn/usn-392-1 2011-03-08
Affected Vendors, Products, and Versions
Vendor Product Version Other Status
Vendor Product Version Other Status <-- --> Vendor Product Version Other Status
Mplayer
Search vendor "Mplayer"
 Mplayer
Search vendor "Mplayer" for product "Mplayer"
 <= 1.0_rc1
Search vendor "Mplayer" for product "Mplayer" and version " <= 1.0_rc1"
-
Affected
Xine
Search vendor "Xine"
 Real Media Input Plugin
Search vendor "Xine" for product "Real Media Input Plugin"
*-
Affected