CVE-2006-6172

Severity Score

7.5

*CVSS v2

Exploit Likelihood

*EPSS

Affected Versions

*CPE

Public Exploits

*Multiple Sources

Exploited in Wild

*KEV

Decision

*SSVC

Descriptions

Buffer overflow in the asmrp_eval function in the RealMedia RTSP stream handler (asmrp.c) for Real Media input plugin, as used in (1) xine/xine-lib, (2) MPlayer 1.0rc1 and earlier, and possibly others, allows remote attackers to cause a denial of service and possibly execute arbitrary code via a rulebook with a large number of rulematches.

Desbordamiento de búfer en la función asmrp_eval para el extensión de entrada a Real Media permite a atacantes remotos provocar una denegación de servicio y la posibilidad de ejecutar código de su elección mediante un libro de reglas con un gran número de coincidencias con estas reglas.

*Credits: N/A

CVSS Scores

NISTv2 7.5

Attack Vector

Network

Attack Complexity

Low

Authentication

None

Confidentiality

Partial

Integrity

Partial

Availability

Partial

* Common Vulnerability Scoring System

SSVC

Decision:-

Exploitation

Automatable

Tech. Impact

* Organization's Worst-case Scenario

Timeline

2006-11-30 CVE Reserved
2006-11-30 CVE Published
2023-11-11 EPSS Updated
2024-08-07 CVE Updated
2024-08-07 First Exploit
---------- Exploited in Wild
---------- KEV Due Date

CWE

CAPEC

References (24)

URL	Tag	Source
http://secunia.com/advisories/23218	Third Party Advisory
http://secunia.com/advisories/23242	Third Party Advisory
http://secunia.com/advisories/23249	Third Party Advisory
http://secunia.com/advisories/23301	Third Party Advisory
http://secunia.com/advisories/23335	Third Party Advisory
http://secunia.com/advisories/23512	Third Party Advisory
http://secunia.com/advisories/23567	Third Party Advisory
http://secunia.com/advisories/24336	Third Party Advisory
http://secunia.com/advisories/24339	Third Party Advisory
http://secunia.com/advisories/25555	Third Party Advisory
http://sourceforge.net/project/shownotes.php?release_id=468432	X_refsource_confirm
http://www.mplayerhq.hu/MPlayer/patches/asmrules_fix_20061231.diff	X_refsource_misc
http://www.mplayerhq.hu/design7/news.html#vuln14	X_refsource_confirm
http://www.securityfocus.com/bid/21435	Vdb Entry
http://www.vupen.com/english/advisories/2006/4824	Vdb Entry

URL	Date	SRC
https://sourceforge.net/tracker/index.php?func=detail&aid=1603458&group_id=9655&atid=109655	2024-08-07

URL	Date	SRC

URL	Date	SRC
http://security.gentoo.org/glsa/glsa-200612-02.xml	2011-03-08
http://security.gentoo.org/glsa/glsa-200702-11.xml	2011-03-08
http://slackware.com/security/viewer.php?l=slackware-security&y=2006&m=slackware-security.433842	2011-03-08
http://www.debian.org/security/2006/dsa-1244	2011-03-08
http://www.mandriva.com/security/advisories?name=MDKSA-2006:224	2011-03-08
http://www.mandriva.com/security/advisories?name=MDKSA-2007:112	2011-03-08
http://www.novell.com/linux/security/advisories/2006_28_sr.html	2011-03-08
http://www.ubuntu.com/usn/usn-392-1	2011-03-08

Affected Vendors, Products, and Versions

Vendor		Product				Version		Other		Status
Vendor	Product	Version	Other	Status	<-- -->	Vendor	Product	Version	Other	Status
Mplayer Search vendor "Mplayer"		Mplayer Search vendor "Mplayer" for product "Mplayer"				<= 1.0_rc1 Search vendor "Mplayer" for product "Mplayer" and version " <= 1.0_rc1"		-		Affected
Xine Search vendor "Xine"		Real Media Input Plugin Search vendor "Xine" for product "Real Media Input Plugin"				*		-		Affected