CVE-2007-6103

Name of the Vulnerable Software and Affected Versions I Hear U (IHU) versions 0.5.6 and earlier

Description The issue allows remote attackers to cause a denial of service. This can happen in two ways: (1) via a packet with a size field of zero in its header, which is not properly handled by the Receiver::processPacket function, leading to an infinite loop; and (2) via an IHU INFO INIT or IHU INFO RING packet that does not specify the mode, which is not properly handled by the Player::ring function in Player.cpp, leading to a daemon crash.

Recommendations For I Hear U (IHU) versions 0.5.6 and earlier, consider disabling the Receiver::processPacket function and the Player::ring function in Player.cpp to prevent exploitation until a patch is available. Restrict access to packets that can trigger these functions to minimize the risk of a denial of service.