PT-2007-6952 · Live555 · Live555 Media Server

Publicado

2007-11-20

Atualizado

2018-10-15

CVE-2007-6036

CVSS v2.0

7.1

Alta

Vetor

AV:N/AC:M/Au:N/C:N/I:N/A:C

Name of the Vulnerable Software and Affected Versions LIVE555 Media Server versions 2007.11.01 and earlier

Description The issue allows remote attackers to cause a denial of service, resulting in a daemon crash. This is achieved by sending a short RTSP query, which causes a negative number to be used during memory allocation in the parseRTSPRequestString function.

Recommendations For LIVE555 Media Server versions 2007.11.01 and earlier, consider updating to a newer version to resolve the issue. As a temporary workaround, restrict access to the parseRTSPRequestString function to minimize the risk of exploitation.

Exploit

Correção

RCE

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾

dbugs@ptsecurity.com

Enumeração de Fraquezas

CWE-20

Identificadores relacionados

CVE-2007-6036

Produtos afetados

Live555 Media Server

PT-2007-6952 · Live555 · Live555 Media Server

CVE-2007-6036

Enumeração de Fraquezas

Identificadores relacionados

Produtos afetados

Referências · 11