Vulnerability Description
The http_open function in httpget.c in mpg123 before 0.64 allows remote attackers to cause a denial of service (infinite loop) by closing the HTTP connection early.
CVSS Score
4.3
MEDIUM
AV:N/AC:M/Au:N/C:N/I:N/A:P
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Mpg123 | Mpg123 | 0.59m |
References
- http://osvdb.org/40128
- http://sourceforge.net/project/shownotes.php?group_id=135704&release_id=478747PatchVendor Advisory
- http://www.mandriva.com/security/advisories?name=MDKSA-2007:032
- http://www.mpg123.de/cgi-bin/news.cgiPatchVendor Advisory
- http://www.securityfocus.com/bid/22274PatchVendor Advisory
- http://www.vupen.com/english/advisories/2007/0366
- http://osvdb.org/40128
- http://sourceforge.net/project/shownotes.php?group_id=135704&release_id=478747PatchVendor Advisory
- http://www.mandriva.com/security/advisories?name=MDKSA-2007:032
- http://www.mpg123.de/cgi-bin/news.cgiPatchVendor Advisory
- http://www.securityfocus.com/bid/22274PatchVendor Advisory
- http://www.vupen.com/english/advisories/2007/0366
FAQ
What is CVE-2007-0578?
CVE-2007-0578 is a vulnerability with a CVSS score of 4.3 (MEDIUM). The http_open function in httpget.c in mpg123 before 0.64 allows remote attackers to cause a denial of service (infinite loop) by closing the HTTP connection early.
How severe is CVE-2007-0578?
CVE-2007-0578 has been rated MEDIUM with a CVSS base score of 4.3/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2007-0578?
Check the references section above for vendor advisories and patch information. Affected products include: Mpg123 Mpg123.