rplay Denial-of-Service Vulnerability in librplay Library

Vulnerability

A denial-of-service vulnerability has been identified in rplay versions through 3.3.2. The fault is a segmentation fault at the 'memcpy' call in the 'RPLAY_DATA' case of 'rplay_unpack' in the 'librplay' library, and it crashes the audio daemon. It can be triggered by sending crafted packet data to the rplay server, which processes the data without any authentication.

Impact

Exploitation of this vulnerability leads to a crash of the rplay audio daemon, causing a denial-of-service condition. Additionally, according to Vincent Lefèvre, this could disrupt the FVWM window manager by causing a crash, unless the manager has specific protections for modules.

Reproduction

The vulnerability can be reproduced by sending a packet with unsanitized data to an rplay server. This can be done using a simple harness that targets the 'rplay_unpack' function in the 'librplay' library, specifically the 'RPLAY_DATA' case. The rplay server processes the packet data without authentication, leading to a segmentation fault and a crash of the audio daemon.
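
The page does not show the affected source or the packet layout, so the following is an added example, not rplay's code: it illustrates the kind of length validation that keeps a 'memcpy' in a packet unpacker inside both the received packet and the destination buffer. The tag value, the 2-byte length field, the buffer size and the function name are hypothetical and are not rplay's wire format.

```c
#include <stddef.h>
#include <string.h>

#define ATTR_DATA 0x01   /* hypothetical attribute tag, not rplay's value */
#define HDR_LEN   3      /* assumed header: 1-byte tag + 2-byte big-endian length */
#define DATA_MAX  1024   /* hypothetical destination buffer size */

struct data_attr {
    size_t len;
    unsigned char buf[DATA_MAX];
};

/* Copy one length-prefixed data attribute out of a received packet.
 * Returns the number of bytes consumed, or -1 if the packet is malformed. */
int unpack_data_attr(const unsigned char *pkt, size_t pkt_len,
                     struct data_attr *out)
{
    size_t declared;

    if (pkt == NULL || out == NULL)
        return -1;
    /* The header itself must be present before any field is read. */
    if (pkt_len < HDR_LEN || pkt[0] != ATTR_DATA)
        return -1;
    declared = ((size_t)pkt[1] << 8) | pkt[2];
    /* The sender-declared length must not exceed what was received. */
    if (declared > pkt_len - HDR_LEN)
        return -1;
    /* It must also fit in the destination buffer. */
    if (declared > sizeof out->buf)
        return -1;
    memcpy(out->buf, pkt + HDR_LEN, declared);
    out->len = declared;
    return (int)(HDR_LEN + declared);
}

int main(void)
{
    /* Constructed sample: declares 0xffff bytes but carries only one. */
    static const unsigned char truncated[] = { ATTR_DATA, 0xff, 0xff, 'a' };
    static struct data_attr out;

    /* Exit status 0 means the malformed packet was rejected, not copied. */
    return unpack_data_attr(truncated, sizeof truncated, &out) == -1 ? 0 : 1;
}
```
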

Added: Oct 19, 2025, 1:16 AM
Updated: Oct 19, 2025, 2:17 AM

Vulnerability Rating

Custom Algorithm
spread: 0.0
impact: 2.5
exploitability: 8.4
remediation: 0.0
relevance: 0.8
threat: 4.8
urgency: 2.9
incentive: 5.8

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.