HTTP: Xiph.org Icecast Server auth_url Stack Buffer Overflow
This signature detects attempts to exploit a known vulnerability against Icecast server. The vulnerability is due to improper offset calculations while copying user-supplied data into a stack-based buffer within url_add_client in auth_url.c. A remote, unauthenticated attacker could exploit this vulnerability by sending a maliciously crafted HTTP request to the target server. Successful exploitation could potentially lead to arbitrary code execution.
Extended Description
A buffer overflow was discovered in the URL-authentication backend of the Icecast before 2.4.4. If the backend is enabled, then any malicious HTTP client can send a request for that specific resource including a crafted header, leading to denial of service and potentially remote code execution.
Affected Products
Xiph icecast
Short Name
HTTP:XIPH-CAST-URL-AUTH
Severity
Minor
Recommended
True
Recommended Action
Drop
Category
HTTP
Keywords
Buffer CVE-2018-18820 CVE-2022-30780 Icecast Overflow Server Stack Xiph.org auth_url
Release Date
03/14/2019
Supported Platforms
srx-branch-19.3
vsrx3bsd-19.2
srx-19.4
vsrx3bsd-19.4
srx-branch-19.4
vsrx-19.4
vsrx-19.2
srx-19.3
srx-branch-12.3
mx-12.3
mx-19.4
vmx-19.4
mx-19.3
vsrx-12.3
vmx-19.3
srx-12.3
Sigpack Version
3591
False Positive
Unknown
Vendors
Debian
Xiph
CVSS Score
6.8