CVE-2013-4256
- Source
- https://cve.org/CVERecord?id=CVE-2013-4256
- Import Source
- https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2013-4256.json
- JSON Data
- https://api.osv.dev/v1/vulns/CVE-2013-4256
- Downstream
- Related
- Published
- 2013-10-09T14:54:25Z
- Modified
- 2026-02-04T09:59:50.759242Z
- Summary
- [none]
- Details
-
Multiple stack-based and heap-based buffer overflows in Network Audio System (NAS) 1.9.3 allow local users to cause a denial of service (crash) or possibly execute arbitrary code via the (1) display command argument to the ProcessCommandLine function in server/os/utils.c; (2) ResetHosts function in server/os/access.c; (3) openunixsocket, (4) openisclocal, (5) openxsightlocal, (6) openattlocal, or (7) openattsvr4_local function in server/os/connection.c; the (8) AUDIOHOST environment variable to the CreateWellKnownSockets or (9) AmoebaTCPConnectorThread function in server/os/connection.c; or (10) unspecified vectors related to logging in the osLogMsg function in server/os/aulog.c.
- References
-
- http://www.debian.org/security/2013/dsa-2771
- http://www.ubuntu.com/usn/USN-1986-1
- http://radscan.com/pipermail/nas/2013-August/001270.html
- http://sourceforge.net/p/nas/code/288
- http://sourceforge.net/p/nas/code/288
- http://www.openwall.com/lists/oss-security/2013/08/16/2
- http://www.openwall.com/lists/oss-security/2013/08/19/3
- http://www.securityfocus.com/bid/61848