Vulnerability DatabaseCVE-2006-6172
Mend.io Vulnerability Database
The largest open source vulnerability database
What is a Vulnerability ID?
New vulnerability? Tell us about it!
CVE-2006-6172
November 30, 2006
Buffer overflow in the asmrp_eval function in the RealMedia RTSP stream handler (asmrp.c) for Real Media input plugin, as used in (1) xine/xine-lib, (2) MPlayer 1.0rc1 and earlier, and possibly others, allows remote attackers to cause a denial of service and possibly execute arbitrary code via a rulebook with a large number of rulematches.
Related ResourcesĀ (25)
http://www.mplayerhq.hu/MPlayer/patches/asmrules_fix_20061231.diff
http://secunia.com/advisories/23249
http://slackware.com/security/viewer.php?l=slackware-security&y=2006&m=slackware-security.433842
http://secunia.com/advisories/24339
http://secunia.com/advisories/23218
http://secunia.com/advisories/23335
http://security.gentoo.org/glsa/glsa-200702-11.xml
http://sourceforge.net/project/shownotes.php?release_id=468432
http://secunia.com/advisories/24336
http://secunia.com/advisories/25555
http://secunia.com/advisories/23242
http://secunia.com/advisories/23512
http://www.mandriva.com/security/advisories?name=MDKSA-2006:224
https://people.canonical.com/~ubuntu-security/cve/CVE-2006-6172
http://secunia.com/advisories/23301
http://www.ubuntu.com/usn/usn-392-1
http://www.mandriva.com/security/advisories?name=MDKSA-2007:112
http://www.debian.org/security/2006/dsa-1244
http://www.vupen.com/english/advisories/2006/4824
http://www.mplayerhq.hu/design7/news.html#vuln14
http://secunia.com/advisories/23567
http://www.novell.com/linux/security/advisories/2006_28_sr.html
http://www.securityfocus.com/bid/21435
http://security.gentoo.org/glsa/glsa-200612-02.xml
https://sourceforge.net/tracker/index.php?func=detail&aid=1603458&group_id=9655&atid=109655
Do you need more information?
Contact Us
CVSS v4
Base Score:
6.9
Attack Vector
NETWORK
Attack Complexity
LOW
Attack Requirements
NONE
Privileges Required
NONE
User Interaction
NONE
Vulnerable System Confidentiality
LOW
Vulnerable System Integrity
LOW
Vulnerable System Availability
LOW
Subsequent System Confidentiality
NONE
Subsequent System Integrity
NONE
Subsequent System Availability
NONE
CVSS v3
Base Score:
7.3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality
LOW
Integrity
LOW
Availability
LOW
CVSS v2
Base Score:
7.5
Access Vector
NETWORK
Access Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
EPSS
Base Score:
4.46