Your submission was sent successfully! Close

CVE-2015-3026

Published: 29 April 2015

Icecast before 2.4.2, when a stream_auth handler is defined for URL authentication, allows remote attackers to cause a denial of service (NULL pointer dereference and crash) via a request without login credentials, as demonstrated by a request to "admin/killsource?mount=/test.ogg."

Priority

Medium

Status

Package Release Status
icecast2
Launchpad, Ubuntu, Debian
Upstream
Released (2.4.2)
Ubuntu 18.04 LTS (Bionic Beaver) Not vulnerable
(2.4.2-1)
Ubuntu 16.04 ESM (Xenial Xerus) Not vulnerable
(2.4.2-1)
Ubuntu 14.04 ESM (Trusty Tahr) Does not exist
(trusty was released [2.3.3-2ubuntu1.14.04.1])