CVE-2010-0416: Buffer Overflow
First published: Thu Feb 04 2010(Updated: )
A possible buffer overflow flaw was found in the RealPlayer's / HelixPlayer's function performing URL unescaping (HTTP %-escapes unescaping, e.g. %20 -> space): <a href="http://lists.helixcommunity.org/pipermail/common-cvs/2007-July/014956.html">http://lists.helixcommunity.org/pipermail/common-cvs/2007-July/014956.html</a> <a href="https://helixcommunity.org/viewcvs/common/util/hxurl.cpp?view=log#rev1.24.4.1.4.1">https://helixcommunity.org/viewcvs/common/util/hxurl.cpp?view=log#rev1.24.4.1.4.1</a> Function always assumed % character was always followed by at least two extra hex characters. If no or only one character followed, unescaping function failed to properly detect the end of the URL string (test is done by comparing character on the current position with '\0') and continued processing content of the memory after the end of URL buffer until first '\0' was found. Depending on the content of that memory area, this could lead to buffer over-read or over-write. Same function exists in player/hxclientkit/src/CHXClientSink.cpp too.
Credit: secalert@redhat.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| RealNetworks Helix Player Linux | =1.0.6 | |
| RealPlayer |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- http://lists.helixcommunity.org/pipermail/common-cvs/2007-July/014956.html
- https://helixcommunity.org/viewcvs/common/util/hxurl.cpp?view=log#rev1.24.4.1.4.1
- https://rhn.redhat.com/errata/RHSA-2010-0094.html
- https://bugzilla.redhat.com/show_bug.cgi?id=561856
- http://secunia.com/advisories/38450
- http://www.redhat.com/support/errata/RHSA-2010-0094.html
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10847
Frequently Asked Questions
What is the severity of CVE-2010-0416?
CVE-2010-0416 has been classified as a moderate severity vulnerability.
How do I fix CVE-2010-0416?
To fix CVE-2010-0416, update to the latest version of RealPlayer or Helix Player that addresses this vulnerability.
What software is affected by CVE-2010-0416?
CVE-2010-0416 affects RealPlayer and Helix Player on Linux, specifically version 1.0.6 of Helix Player.
What type of vulnerability is CVE-2010-0416?
CVE-2010-0416 is a buffer overflow vulnerability related to URL unescaping functionality.
Can CVE-2010-0416 be exploited remotely?
Yes, CVE-2010-0416 can potentially be exploited remotely through crafted URLs.
- agent/type
- agent/softwarecombine
- agent/first-publish-date
- collector/mitre-cve
- source/MITRE
- agent/author
- agent/severity
- agent/references
- agent/last-modified-date
- agent/description
- agent/event
- collector/redhat-bugzilla
- source/Red Hat
- alias/CVE-2010-0416
- agent/weakness
- agent/trending
- agent/source
- agent/tags
- collector/nvd-index
- agent/software-canonical-lookup-request
- collector/nvd-historical
- vendor/realnetworks
- canonical/realnetworks helix player linux
- version/realnetworks helix player linux/1.0.6
- canonical/realplayer