PT-2019-1687 · Live Networks+2 · Live555+2

Publicado

2019-02-04

Atualizado

2021-03-15

CVE-2019-7314

CVSS v3.1

9.8

Crítica

Vetor

AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions Live555 versions prior to 2019.02.03

Description The issue is related to the mishandling of the termination of an RTSP stream after RTP/RTCP-over-RTSP has been set up, which could lead to a Use-After-Free error. This error may cause the RTSP server to crash or have unspecified other impact. The vulnerability can be exploited by a remote attacker to execute arbitrary code or cause a denial of service.

Recommendations For versions prior to 2019.02.03, update to version 2019.02.03 or later to resolve the issue. As a temporary workaround, consider restricting access to the RTSP server to minimize the risk of exploitation.

Correção

Use After Free

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾

dbugs@ptsecurity.com

Enumeração de Fraquezas

CWE-416

Identificadores relacionados

BDU:2019-01281

CVE-2019-7314

DLA-1690-1

DSA-4408-1

MGASA-2019-0121

OPENSUSE-SU-2019:1797-1

OPENSUSE-SU-2019:1880-1

OPENSUSE-SU-2019_1797-1

OPENSUSE-SU-2020:0944-1

OPENSUSE-SU-2020_0944-1

OPENSUSE-SU-2024:11023-1

USN-4853-1

Produtos afetados

Live555

Suse

Ubuntu

PT-2019-1687 · Live Networks+2 · Live555+2

CVE-2019-7314

Enumeração de Fraquezas

Identificadores relacionados

Produtos afetados

Referências · 39