Buffer Overflow Vulnerability in cdp

vendor:

cdp

by:

Unknown

7.5

CVSS

HIGH

Buffer Overflow

119

CWE

Product Name: cdp

Affected Version From: All versions of cdp

Affected Version To: All versions of cdp

Patch Exists: NO

Related CWE:

CPE: a:cdp

Metasploit:

Other Scripts:

Platforms Tested:

Unknown

Buffer Overflow Vulnerability in cdp

cdp is prone to a buffer overflow vulnerability that may allow an attacker to cause a denial of service condition in the software. The issue exists due to insufficient boundary checks performed by the printTOC() function. The buffer overflow condition may occur if when a song with a track name exceeding 200 bytes is accessed via the application. If an attacker is able to overwrite sensitive memory locations, it may be possible to execute arbitrary instructions in the context of the user running cdp.

Mitigation:

No patch or mitigation is mentioned in the source.

Source

Exploit-DB raw data:

source: https://www.securityfocus.com/bid/10021/info

It has been reported that cdp may be prone to a buffer overflow vulnerability that may allow an attacker to cause a denial of service condition in the software. The issue exists due to insufficient boundary checks performed by the printTOC() function. The buffer overflow condition may occur if when a song with a track name exceeding 200 bytes is accessed via the application.

If an attacker is able to overwrite sensitive memory locations, it may be possible to execute arbitrary instructions in the context of the user running cdp.

All versions of cdp are assumed to be vulnerable to this issue. 

https://gitlab.com/exploit-database/exploitdb-bin-sploits/-/raw/main/bin-sploits/23900.tgz