ID
VAR-201008-0397
TITLE
Mereo HTTP Request Remote Denial of Service Vulnerability
Trust: 0.6
DESCRIPTION
Mereo is a small HTTP server running on the Windows platform. A remote attacker can cause the mereo.exe process to crash by sending a malicious HTTP request to the Mereo server. Mereo is prone to a remote buffer-overflow vulnerability because it fails to perform adequate boundary checks on user-supplied input before copying it to an insufficiently sized memory buffer. An attacker can exploit this issue to execute arbitrary code within the context of the affected application. Failed exploit attempts will result in a denial-of-service condition. Mereo 1.9.2 is vulnerable; other versions may also be affected
Trust: 0.81
IOT TAXONOMY
| category: | ['Network device'] | sub_category: | - | Trust: 0.6 |
AFFECTED PRODUCTS
| vendor: | mereo | model: | mereo | scope: | eq | version: | 1.9.2 | Trust: 0.6 |
| vendor: | assembla | model: | mereo | scope: | eq | version: | 1.9.2 | Trust: 0.3 |
CVSS
SEVERITY | CVSSV2 | CVSSV3 | ||||||||||||||||||||||||||||||||||||||||||
|
|
THREAT TYPE
network
Trust: 0.3
TYPE
Boundary Condition Error
Trust: 0.3
EXTERNAL IDS
| db: | BID | id: | 42839 | Trust: 0.9 |
| db: | CNVD | id: | CNVD-2010-3480 | Trust: 0.6 |
REFERENCES
| url: | http://www.securityfocus.com/bid/42839/info | Trust: 0.6 |
| url: | http://www.assembla.com/spaces/mereo/wiki?id=bmd54a1xer3ofueje5avnr | Trust: 0.3 |
CREDITS
CwG GeNiuS
Trust: 0.3
SOURCES
| db: | CNVD | id: | CNVD-2010-3480 |
| db: | BID | id: | 42839 |
LAST UPDATE DATE
2022-05-17T01:41:39.808000+00:00
SOURCES UPDATE DATE
| db: | CNVD | id: | CNVD-2010-3480 | date: | 2010-08-30T00:00:00 |
| db: | BID | id: | 42839 | date: | 2010-08-30T00:00:00 |
SOURCES RELEASE DATE
| db: | CNVD | id: | CNVD-2010-3480 | date: | 2010-08-30T00:00:00 |
| db: | BID | id: | 42839 | date: | 2010-08-30T00:00:00 |