CVSS: 9.8EPSS: 0%CPEs: 3EXPL: 1CVE-2019-6256 – Gentoo Linux Security Advisory 202005-06
https://notcve.org/view.php?id=CVE-2019-6256
14 Jan 2019 — A Denial of Service issue was discovered in the LIVE555 Streaming Media libraries as used in Live555 Media Server 0.93. It can cause an RTSPServer crash in handleHTTPCmd_TunnelingPOST, when RTSP-over-HTTP tunneling is supported, via x-sessioncookie HTTP headers in a GET request and a POST request within the same TCP session. This occurs because of a call to an incorrect virtual function pointer in the readSocket function in GroupsockHelper.cpp. Se ha descubierto una denegación de servicio (DoS) en las libre... • https://github.com/rgaufman/live555/issues/19 • CWE-755: Improper Handling of Exceptional Conditions •
CVSS: 10.0EPSS: 39%CPEs: 3EXPL: 3CVE-2018-4013 – Gentoo Linux Security Advisory 202005-06
https://notcve.org/view.php?id=CVE-2018-4013
19 Oct 2018 — An exploitable code execution vulnerability exists in the HTTP packet-parsing functionality of the LIVE555 RTSP server library version 0.92. A specially crafted packet can cause a stack-based buffer overflow, resulting in code execution. An attacker can send a packet to trigger this vulnerability. Existe una vulnerabilidad explotable de ejecución de código en la funcionalidad HTTP packet-parsing de la biblioteca del servidor LIVE555 RTSP en su versión 0.92. Un paquete especialmente manipulado puede provocar... • https://github.com/DoubleMice/cve-2018-4013 • CWE-787: Out-of-bounds Write •
CVSS: 7.5EPSS: 8%CPEs: 1EXPL: 2CVE-2007-6036 – LIVE555 Media Server 2007.11.1 - ParseRTSPRequestString Remote Denial of Service
https://notcve.org/view.php?id=CVE-2007-6036
20 Nov 2007 — The parseRTSPRequestString function in LIVE555 Media Server 2007.11.01 and earlier allows remote attackers to cause a denial of service (daemon crash) via a short RTSP query, which causes a negative number to be used during memory allocation. La función parseRTSPRequestString en LIVE555 Media Server 2007.11.01 y anteriores permite a atacantes remotos provocar denegación de servicio (caida de demonio) a través de una consulta pequeña RTSP, lo cual deriba en un número negativo para ser usado a lo largo de loc... • https://www.exploit-db.com/exploits/30776 • CWE-20: Improper Input Validation •