Vulnerability Monitor

The vendors, products, and vulnerabilities you care about

CVE-2007-0578

The http_open function in httpget.c in mpg123 before 0.64 allows remote attackers to cause a denial of service (infinite loop) by closing the HTTP connection early.

Published

2007-01-30T17:28:00.000

Last Modified

2025-04-09T00:30:58.490

Status

Deferred

Source

[email protected]

Severity

CVSSv2: 4.3 (MEDIUM)

CVSSv2 Vector

AV:N/AC:M/Au:N/C:N/I:N/A:P

Access Vector: NETWORK
Access Complexity: MEDIUM
Authentication: NONE
Confidentiality Impact: NONE
Integrity Impact: NONE
Availability Impact: PARTIAL

Exploitability Score

8.6

Impact Score

2.9

Weaknesses

Type: Primary
NVD-CWE-Other

Affected Vendors & Products

Type	Vendor	Product	Version/Range	Vulnerable?
Application	mpg123	mpg123	0.59m	Yes
Application	mpg123	mpg123	0.59n	Yes
Application	mpg123	mpg123	0.59o	Yes
Application	mpg123	mpg123	0.59p	Yes
Application	mpg123	mpg123	0.59q	Yes
Application	mpg123	mpg123	0.59r	Yes
Application	mpg123	mpg123	0.59s	Yes
Application	mpg123	mpg123	0.62	Yes
Application	mpg123	mpg123	0.63	Yes
Application	mpg123	mpg123	pre0.59s	Yes
Application	mpg123	mpg123	pre0.59s_r11	Yes

References

http://osvdb.org/40128 ([email protected])
http://sourceforge.net/project/shownotes.php?group_id=135704&release_id=478747 Patch, Vendor Advisory ([email protected])
http://www.mandriva.com/security/advisories?name=MDKSA-2007:032 ([email protected])
http://www.mpg123.de/cgi-bin/news.cgi Patch, Vendor Advisory ([email protected])
http://www.securityfocus.com/bid/22274 Patch, Vendor Advisory ([email protected])
http://www.vupen.com/english/advisories/2007/0366 ([email protected])
http://osvdb.org/40128 (af854a3a-2127-422b-91ae-364da2661108)
http://sourceforge.net/project/shownotes.php?group_id=135704&release_id=478747 Patch, Vendor Advisory (af854a3a-2127-422b-91ae-364da2661108)
http://www.mandriva.com/security/advisories?name=MDKSA-2007:032 (af854a3a-2127-422b-91ae-364da2661108)
http://www.mpg123.de/cgi-bin/news.cgi Patch, Vendor Advisory (af854a3a-2127-422b-91ae-364da2661108)
http://www.securityfocus.com/bid/22274 Patch, Vendor Advisory (af854a3a-2127-422b-91ae-364da2661108)
http://www.vupen.com/english/advisories/2007/0366 (af854a3a-2127-422b-91ae-364da2661108)