CVE-2005-0838
Description
Multiple buffer overflows in the XSL parser for IceCast 2.20 may allow attackers to cause a denial of service and possibly execute arbitrary code via (1) a long test value in an xsl:when tag, (2) a long test value in an xsl:if tag, or (3) a long select value in an xsl:value-of tag.
Mitigations
No mitigations published for this CVE yet.
Exploits
Public proof-of-concept code below. AS-IS, for defenders and authorised testing only.
Exploit-DB
Icecast 2.x - XSL Parser Multiple Vulnerabilities
source: https://www.securityfocus.com/bid/12849/info
Icecast is reported prone to multiple vulnerabilities. The following individual issues are reported:
Icecast XSL parser is reported to be prone to a buffer overflow vulnerability. This issue exists due to a lack of sufficient boundary checks performed on certain XSL tag values before copying these values into a finite buffer in process memory. It is reported that the vulnerability manifests when a malicious XSL file is parsed by the affected software.
This issue may potentially be exploited to deny service for legitimate users or potentially execute arbitrary code in the context of the user that is running the affected software. This is not confirmed.
It is reported that the Icecast XSL parser is prone to an information disclosure vulnerability. It is reported that the parser fails to parse XSL files when a request for such a file is appended with a dot '.' character.
A remote attacker may exploit this vulnerability to disclose the contents of XSL files that can be requested publicly.
These vulnerabilities are reported to affect Icecast version 2.20; other versions might also be affected.
```
<xsl:when test="<lots of chars>"></xsl:when>
<xsl:if test="<lots of chars>"></xsl:if>
<xsl:value-of select="<lots of chars>" />
```

```
GET /auth.xsl. HTTP/1.0
GET /status.xsl. HTTP/1.0
```
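An added defensive check, not part of the original advisory or of Icecast: it flags the three tag/attribute pairs named above when their values exceed a length threshold, and picks trailing-dot `.xsl.` requests out of access-log lines. The 256-character threshold, the log line format and the sample data are assumptions constructed for illustration.

```python
import re
import xml.etree.ElementTree as ET

XSL_NS = "http://www.w3.org/1999/XSL/Transform"
# (element, attribute) pairs named in the advisory
WATCHED = {("when", "test"), ("if", "test"), ("value-of", "select")}
MAX_EXPR_LEN = 256  # assumed review threshold, not a value from the advisory


def audit_xsl(text, limit=MAX_EXPR_LEN):
    """Return (element, attribute, length) for each watched value longer than limit."""
    findings = []
    prefix = "{" + XSL_NS + "}"
    for elem in ET.fromstring(text).iter():
        if not elem.tag.startswith(prefix):
            continue  # only elements in the XSLT namespace are relevant
        local = elem.tag[len(prefix):]
        for attr, value in elem.attrib.items():
            if (local, attr) in WATCHED and len(value) > limit:
                findings.append((local, attr, len(value)))
    return findings


# Matches a quoted request line whose path ends in ".xsl." (optional query string).
TRAILING_DOT = re.compile(
    r'"(?:GET|HEAD|POST) ([^\s?]*\.xsl\.)(?:\?\S*)? HTTP/\d\.\d"', re.I
)


def trailing_dot_requests(log_lines):
    """Return the requested paths that end in '.xsl.' from access-log lines."""
    return [m.group(1) for line in log_lines if (m := TRAILING_DOT.search(line))]


# Constructed sample inputs (not taken from a real server).
SAMPLE_XSL = (
    '<xsl:stylesheet version="1.0" xmlns:xsl="' + XSL_NS + '">'
    '<xsl:template match="/">'
    '<xsl:if test="' + "A" * 5000 + '">x</xsl:if>'
    '<xsl:value-of select="title"/>'
    "</xsl:template></xsl:stylesheet>"
)
SAMPLE_LOG = [
    '192.0.2.10 - - [01/Jan/2005:00:00:00 +0000] "GET /status.xsl HTTP/1.0" 200 512',
    '192.0.2.11 - - [01/Jan/2005:00:00:01 +0000] "GET /status.xsl. HTTP/1.0" 200 2048',
]

if __name__ == "__main__":
    print(audit_xsl(SAMPLE_XSL))
    print(trailing_dot_requests(SAMPLE_LOG))
```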
OS impact
Debian Affected 4 releases
| Version | Status | Fixed in |
|---|---|---|
| trixie | Affected | — |
| sid | Affected | — |
| bullseye | Affected | — |
| bookworm | Affected | — |