Home > Vulnerability Database > CVE-2006-4197

Mend.io Vulnerability Database

CVE-2006-4197

Date: August 17, 2006

Multiple buffer overflows in libmusicbrainz (aka mb_client or MusicBrainz Client Library) 2.1.2 and earlier, and SVN 8406 and earlier, allow remote attackers to cause a denial of service (crash) or execute arbitrary code via (1) a long Location header by the HTTP server, which triggers an overflow in the MBHttp::Download function in lib/http.cpp; and (2) a long URL in RDF data, as demonstrated by a URL in an rdf:resource field in an RDF XML document, which triggers overflows in many functions in lib/rdfparse.c.

Severity Score

7.3

Related Resources (23)

Url: https://nvd.nist.gov/vuln/detail/CVE-2006-4197

Url: http://secunia.com/advisories/22191

Url: http://security.gentoo.org/glsa/glsa-200610-09.xml

Url: http://secunia.com/advisories/22639

Url: http://aluigi.altervista.org/adv/brainzbof-adv.txt

Url: https://issues.rpath.com/browse/RPL-610

Url: http://www.novell.com/linux/security/advisories/2006_25_sr.html

Url: https://exchange.xforce.ibmcloud.com/vulnerabilities/28367

Url: http://secunia.com/advisories/21699

Url: https://exchange.xforce.ibmcloud.com/vulnerabilities/28368

Url: http://securityreason.com/securityalert/1399

Url: http://www.ubuntu.com/usn/usn-363-1

Url: http://secunia.com/advisories/21404

Url: http://secunia.com/advisories/21668

Url: http://secunia.com/advisories/22517

Url: http://securitytracker.com/id?1016691

Url: http://secunia.com/advisories/22393

Url: http://www.debian.org/security/2006/dsa-1162

Url: http://www.securityfocus.com/archive/1/444843/100/0/threaded

Url: http://www.mandriva.com/security/advisories?name=MDKSA-2006:157

Url: http://www.securityfocus.com/bid/19508

Url: http://www.securityfocus.com/archive/1/443205/100/0/threaded

Url: https://www.mend.io/vulnerability-database/CVE-2006-4197

Severity Score

7.3

CVSS v3.1

Base Score:	7.3
Attack Vector (AV):	NETWORK
Attack Complexity (AC):	LOW
Privileges Required (PR):	NONE
User Interaction (UI):	NONE
Scope (S):	UNCHANGED
Confidentiality (C):	LOW
Integrity (I):	LOW
Availability (A):	LOW

CVSS v2

Base Score:	7.5
Access Vector (AV):	NETWORK
Access Complexity (AC):	LOW
Authentication (AU):	NONE
Confidentiality (C):	PARTIAL
Integrity (I):	PARTIAL
Availability (A):	PARTIAL
Additional information:

Mend.io Vulnerability Database

We found results for “”

CVE-2006-4197

Date: August 17, 2006

Severity Score

Related Resources (23)

Severity Score

CVSS v3.1

CVSS v2

Do you need more information?