CVE-2019-6256
https://notcve.org/view.php?id=CVE-2019-6256
A Denial of Service issue was discovered in the LIVE555 Streaming Media libraries as used in Live555 Media Server 0.93. It can cause an RTSPServer crash in handleHTTPCmd_TunnelingPOST, when RTSP-over-HTTP tunneling is supported, via x-sessioncookie HTTP headers in a GET request and a POST request within the same TCP session. This occurs because of a call to an incorrect virtual function pointer in the readSocket function in GroupsockHelper.cpp. Se ha descubierto una denegación de servicio (DoS) en las librerías Live555 Streaming Media tal y como se utilizan en la versión 0.93 de Live555 Media Server. Esto puede provocar el cierre inesperado de "RTSPServer" en handleHTTPCmd_TunnelingPOST cuando "tunneling" RTSP-over-HTTP es soportado mediante cabeceras HTTP en una petición GET dentro de la misma sesión TCP. • https://github.com/rgaufman/live555/issues/19 https://lists.debian.org/debian-lts-announce/2019/02/msg00037.html https://seclists.org/bugtraq/2019/Mar/22 https://security.gentoo.org/glsa/202005-06 https://www.debian.org/security/2019/dsa-4408 • CWE-755: Improper Handling of Exceptional Conditions •
CVE-2018-4013
https://notcve.org/view.php?id=CVE-2018-4013
An exploitable code execution vulnerability exists in the HTTP packet-parsing functionality of the LIVE555 RTSP server library version 0.92. A specially crafted packet can cause a stack-based buffer overflow, resulting in code execution. An attacker can send a packet to trigger this vulnerability. Existe una vulnerabilidad explotable de ejecución de código en la funcionalidad HTTP packet-parsing de la biblioteca del servidor LIVE555 RTSP en su versión 0.92. Un paquete especialmente manipulado puede provocar un desbordamiento de búfer basado en pila que daría lugar a la ejecución de código. • http://lists.live555.com/pipermail/live-devel/2018-October/021071.html https://lists.debian.org/debian-lts-announce/2018/11/msg00020.html https://security.gentoo.org/glsa/202005-06 https://talosintelligence.com/vulnerability_reports/TALOS-2018-0684 https://www.debian.org/security/2018/dsa-4343 • CWE-787: Out-of-bounds Write •
CVE-2007-6036 – LIVE555 Media Server 2007.11.1 - ParseRTSPRequestString Remote Denial of Service
https://notcve.org/view.php?id=CVE-2007-6036
The parseRTSPRequestString function in LIVE555 Media Server 2007.11.01 and earlier allows remote attackers to cause a denial of service (daemon crash) via a short RTSP query, which causes a negative number to be used during memory allocation. La función parseRTSPRequestString en LIVE555 Media Server 2007.11.01 y anteriores permite a atacantes remotos provocar denegación de servicio (caida de demonio) a través de una consulta pequeña RTSP, lo cual deriba en un número negativo para ser usado a lo largo de localización de memoria. • https://www.exploit-db.com/exploits/30776 http://aluigi.altervista.org/adv/live555x-adv.txt http://secunia.com/advisories/27711 http://secunia.com/advisories/29356 http://security.gentoo.org/glsa/glsa-200803-22.xml http://www.live555.com/liveMedia/public/changelog.txt http://www.securityfocus.com/archive/1/483910/100/0/threaded http://www.securityfocus.com/bid/26488 http://www.vupen.com/english/advisories/2007/3939 https://exchange.xforce.ibmcloud.com/vulnerabilities/38542 • CWE-20: Improper Input Validation •