Upstream information

CVE-2018-18820 at MITRE


A buffer overflow was discovered in the URL-authentication backend of the Icecast before 2.4.4. If the backend is enabled, then any malicious HTTP client can send a request for that specific resource including a crafted header, leading to denial of service and potentially remote code execution.

SUSE information

Overall state of this security issue: Does not affect SUSE products

This issue is currently rated as having important severity.

SUSE Bugzilla entry: 1114434 [RESOLVED / FIXED]

SUSE Security Advisories:

List of released packages

Product(s) Fixed package version(s) References
openSUSE Leap 15.0
  • icecast >= 2.4.3-lp150.2.3.1
  • icecast-debuginfo >= 2.4.3-lp150.2.3.1
  • icecast-debugsource >= 2.4.3-lp150.2.3.1
  • icecast-doc >= 2.4.3-lp150.2.3.1
openSUSE Leap 42.3
  • icecast >= 2.4.2-7.3.1
  • icecast-debuginfo >= 2.4.2-7.3.1
  • icecast-debugsource >= 2.4.2-7.3.1
  • icecast-doc >= 2.4.2-7.3.1