CVE-2006-1148

Name of the Vulnerable Software and Affected Versions PeerCast versions prior to 0.1217

Description The issue is caused by multiple stack-based buffer overflows in the procConnectArgs function, which can be triggered by remote attackers via an HTTP GET request. This request can contain a long parameter name or value in a URL, leading to the overflow in the nextCGIarg function. This allows remote attackers to execute arbitrary code.

Recommendations For PeerCast versions prior to 0.1217, update to version 0.1217 or later to resolve the issue. As a temporary workaround, consider restricting access to the procConnectArgs function and the nextCGIarg function in servhs.cpp to minimize the risk of exploitation. Avoid using long parameter names or values in URLs for the affected API endpoint until the issue is resolved.