PT-2019-1688 · Live Networks+2 · Live555+2

Publicado

2019-02-27

Atualizado

2022-04-22

CVE-2019-9215

CVSS v3.1

9.8

Crítica

Vetor

AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions Live555 versions prior to 2019.02.27

Description The issue arises from insufficient input validation in the parseAuthorizationHeader function, leading to invalid memory access. This can be exploited by a remote attacker to execute arbitrary code or cause a denial of service.

Recommendations For versions prior to 2019.02.27, update to a version 2019.02.27 or later to resolve the issue. As a temporary workaround, consider disabling the parseAuthorizationHeader function until a patch is available.

Correção

RCE

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾

dbugs@ptsecurity.com

Enumeração de Fraquezas

CWE-20

Identificadores relacionados

BDU:2019-01282

CVE-2019-9215

DLA-1720-1

DSA-4408-1

MGASA-2019-0121

OPENSUSE-SU-2019:1797-1

OPENSUSE-SU-2019:1880-1

OPENSUSE-SU-2019_1797-1

OPENSUSE-SU-2020:0944-1

OPENSUSE-SU-2020_0944-1

OPENSUSE-SU-2024:11023-1

USN-4853-1

Produtos afetados

Live555

Suse

Ubuntu

PT-2019-1688 · Live Networks+2 · Live555+2

CVE-2019-9215

Enumeração de Fraquezas

Identificadores relacionados

Produtos afetados

Referências · 37