Candidate: CVE-2018-18820
PublicDate: 2018-11-05 19:29:00 UTC
References:
 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-18820
 https://www.openwall.com/lists/oss-security/2018/11/01/3
 https://gitlab.xiph.org/xiph/icecast-server/issues/2342
 https://lgtm.com/blog/icecast_snprintf_CVE-2018-18820
Description:
 A buffer overflow was discovered in the URL-authentication backend of the
 Icecast before 2.4.4. If the backend is enabled, then any malicious HTTP
 client can send a request for that specific resource including a crafted
 header, leading to denial of service and potentially remote code execution.
Ubuntu-Description:
Notes:
Bugs:
 http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=912611
Priority: medium
Discovered-by:
Assigned-to:
CVSS:
 nvd: CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H [8.1 HIGH]

Patches_icecast2:
upstream_icecast2: released (2.4.4-1)
precise/esm_icecast2: DNE
trusty_icecast2: ignored (reached end-of-life)
trusty/esm_icecast2: DNE (trusty was needs-triage)
xenial_icecast2: released (2.4.2-1ubuntu0.1)
bionic_icecast2: released (2.4.3-2ubuntu0.1)
cosmic_icecast2: ignored (reached end-of-life)
disco_icecast2: not-affected (2.4.4-1)
eoan_icecast2: not-affected (2.4.4-1)
focal_icecast2: not-affected (2.4.4-1)
devel_icecast2: not-affected (2.4.4-1)