ByteOS Network

NVD Vulnerability Details :

CVE-2006-4089

Modified

Source-cve@mitre.org

Published At-11 Aug, 2006 | 10:04

Updated At-16 Apr, 2026 | 00:27

Multiple buffer overflows in Andy Lo-A-Foe AlsaPlayer 0.99.76 and earlier allow remote attackers to cause a denial of service (application crash), or have other unknown impact, via (1) a long Location field sent by a web server, which triggers an overflow in the reconnect function in reader/http/http.c; (2) a long URL sent by a web server when AlsaPlayer is seeking a media file for the playlist, which triggers overflows in new_list_item and CbUpdated in interface/gtk/PlaylistWindow.cpp; and (3) a long response sent by a CDDB server, which triggers an overflow in cddb_lookup in input/ccda/cdda_engine.c.

Date Added	Due Date	Vulnerability Name	Required Action
	N/A

Metrics

Type	Version	Base score	Base severity	Vector
Primary	2.0	5.0	MEDIUM	AV:N/AC:L/Au:N/C:N/I:N/A:P

Type: Primary

Version: 2.0

Base score: 5.0

Base severity: MEDIUM

Vector:

AV:N/AC:L/Au:N/C:N/I:N/A:P

CPE Matches

andy_lo-a-foe>>alsaplayer>>Versions up to 0.99.76(inclusive)

cpe:2.3:a:andy_lo-a-foe:alsaplayer:*:*:*:*:*:*:*:*

Weaknesses

CWE ID	Type	Source
NVD-CWE-Other	Primary	nvd@nist.gov

CWE ID: NVD-CWE-Other

Type: Primary

Source: nvd@nist.gov

References

Hyperlink	Source	Resource
http://aluigi.altervista.org/adv/alsapbof-adv.txt	cve@mitre.org	N/A
http://archives.neohapsis.com/archives/fulldisclosure/2006-08/0249.html	cve@mitre.org	N/A
http://secunia.com/advisories/21422	cve@mitre.org	N/A
http://secunia.com/advisories/21639	cve@mitre.org	N/A
http://secunia.com/advisories/21749	cve@mitre.org	N/A
http://secunia.com/advisories/22018	cve@mitre.org	N/A
http://security.gentoo.org/glsa/glsa-200608-24.xml	cve@mitre.org	N/A
http://securityreason.com/securityalert/1356	cve@mitre.org	N/A
http://www.debian.org/security/2006/dsa-1179	cve@mitre.org	N/A
http://www.novell.com/linux/security/advisories/2006_21_sr.html	cve@mitre.org	N/A
http://www.osvdb.org/27883	cve@mitre.org	N/A
http://www.osvdb.org/27884	cve@mitre.org	N/A
http://www.osvdb.org/27885	cve@mitre.org	N/A
http://www.securityfocus.com/archive/1/442725/100/0/threaded	cve@mitre.org	N/A
http://www.securityfocus.com/bid/19450	cve@mitre.org	Exploit
http://www.vupen.com/english/advisories/2006/3235	cve@mitre.org	N/A
https://exchange.xforce.ibmcloud.com/vulnerabilities/28306	cve@mitre.org	N/A
https://exchange.xforce.ibmcloud.com/vulnerabilities/28307	cve@mitre.org	N/A
https://exchange.xforce.ibmcloud.com/vulnerabilities/28308	cve@mitre.org	N/A
http://aluigi.altervista.org/adv/alsapbof-adv.txt	af854a3a-2127-422b-91ae-364da2661108	N/A
http://archives.neohapsis.com/archives/fulldisclosure/2006-08/0249.html	af854a3a-2127-422b-91ae-364da2661108	N/A
http://secunia.com/advisories/21422	af854a3a-2127-422b-91ae-364da2661108	N/A
http://secunia.com/advisories/21639	af854a3a-2127-422b-91ae-364da2661108	N/A
http://secunia.com/advisories/21749	af854a3a-2127-422b-91ae-364da2661108	N/A
http://secunia.com/advisories/22018	af854a3a-2127-422b-91ae-364da2661108	N/A
http://security.gentoo.org/glsa/glsa-200608-24.xml	af854a3a-2127-422b-91ae-364da2661108	N/A
http://securityreason.com/securityalert/1356	af854a3a-2127-422b-91ae-364da2661108	N/A
http://www.debian.org/security/2006/dsa-1179	af854a3a-2127-422b-91ae-364da2661108	N/A
http://www.novell.com/linux/security/advisories/2006_21_sr.html	af854a3a-2127-422b-91ae-364da2661108	N/A
http://www.osvdb.org/27883	af854a3a-2127-422b-91ae-364da2661108	N/A
http://www.osvdb.org/27884	af854a3a-2127-422b-91ae-364da2661108	N/A
http://www.osvdb.org/27885	af854a3a-2127-422b-91ae-364da2661108	N/A
http://www.securityfocus.com/archive/1/442725/100/0/threaded	af854a3a-2127-422b-91ae-364da2661108	N/A
http://www.securityfocus.com/bid/19450	af854a3a-2127-422b-91ae-364da2661108	Exploit
http://www.vupen.com/english/advisories/2006/3235	af854a3a-2127-422b-91ae-364da2661108	N/A
https://exchange.xforce.ibmcloud.com/vulnerabilities/28306	af854a3a-2127-422b-91ae-364da2661108	N/A
https://exchange.xforce.ibmcloud.com/vulnerabilities/28307	af854a3a-2127-422b-91ae-364da2661108	N/A
https://exchange.xforce.ibmcloud.com/vulnerabilities/28308	af854a3a-2127-422b-91ae-364da2661108	N/A

Hyperlink: http://aluigi.altervista.org/adv/alsapbof-adv.txt

Source: cve@mitre.org

Resource: N/A

Hyperlink: http://archives.neohapsis.com/archives/fulldisclosure/2006-08/0249.html

Source: cve@mitre.org

Resource: N/A

Hyperlink: http://secunia.com/advisories/21422

Source: cve@mitre.org

Resource: N/A

Hyperlink: http://secunia.com/advisories/21639

Source: cve@mitre.org

Resource: N/A

Hyperlink: http://secunia.com/advisories/21749

Source: cve@mitre.org

Resource: N/A

Hyperlink: http://secunia.com/advisories/22018

Source: cve@mitre.org

Resource: N/A

Hyperlink: http://security.gentoo.org/glsa/glsa-200608-24.xml

Source: cve@mitre.org

Resource: N/A

Hyperlink: http://securityreason.com/securityalert/1356

Source: cve@mitre.org

Resource: N/A

Hyperlink: http://www.debian.org/security/2006/dsa-1179

Source: cve@mitre.org

Resource: N/A

Hyperlink: http://www.novell.com/linux/security/advisories/2006_21_sr.html

Source: cve@mitre.org

Resource: N/A

Hyperlink: http://www.osvdb.org/27883

Source: cve@mitre.org

Resource: N/A

Hyperlink: http://www.osvdb.org/27884

Source: cve@mitre.org

Resource: N/A

Hyperlink: http://www.osvdb.org/27885

Source: cve@mitre.org

Resource: N/A

Hyperlink: http://www.securityfocus.com/archive/1/442725/100/0/threaded

Source: cve@mitre.org

Resource: N/A

Hyperlink: http://www.securityfocus.com/bid/19450

Source: cve@mitre.org

Resource:

Exploit

Hyperlink: http://www.vupen.com/english/advisories/2006/3235

Source: cve@mitre.org

Resource: N/A

Hyperlink: https://exchange.xforce.ibmcloud.com/vulnerabilities/28306

Source: cve@mitre.org

Resource: N/A

Hyperlink: https://exchange.xforce.ibmcloud.com/vulnerabilities/28307

Source: cve@mitre.org

Resource: N/A

Hyperlink: https://exchange.xforce.ibmcloud.com/vulnerabilities/28308

Source: cve@mitre.org

Resource: N/A

Hyperlink: http://aluigi.altervista.org/adv/alsapbof-adv.txt