PT-2019-2623 · Gstreamer+3 · Gstreamer+3

Publicado

2019-04-20

Atualizado

2024-06-15

CVE-2019-9928

CVSS v2.0

9.0

Alta

Vetor

AV:N/AC:L/Au:S/C:C/I:C/A:C

Name of the Vulnerable Software and Affected Versions GStreamer versions prior to 1.16.0

Description The issue is related to a heap-based buffer overflow in the RTSP connection parser. This can be triggered by a crafted response from a server, potentially allowing remote code execution. The estimated number of potentially affected devices worldwide is not specified. There is no information about real-world incidents where this issue was exploited.

Recommendations For versions prior to 1.16.0, update to version 1.16.0 or later to resolve the issue. As a temporary workaround, consider restricting access to RTSP connections until a patch is available. Avoid using the RTSP connection parser with untrusted servers until the issue is resolved.

Correção

RCE

Buffer Overflow

Memory Corruption

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾

dbugs@ptsecurity.com

Enumeração de Fraquezas

CWE-119CWE-787

Identificadores relacionados

ALT-PU-2019-1701

ALT-PU-2020-1780

BDU:2019-02505

CVE-2019-9928

DLA-1769-1

DLA-1770-1

DSA-4437-1

OPENSUSE-SU-2019_1638-1

OPENSUSE-SU-2019_1639-1

OPENSUSE-SU-2020:0678-1

OPENSUSE-SU-2020_0678-1

OPENSUSE-SU-2024:10828-1

SUSE-SU-2019:14076-1

SUSE-SU-2019:1508-1

SUSE-SU-2019:1509-1

SUSE-SU-2019:1600-1

SUSE-SU-2019:1602-1

SUSE-SU-2019_14076-1

SUSE-SU-2019_1508-1

SUSE-SU-2019_1509-1

SUSE-SU-2019_1600-1

SUSE-SU-2019_1602-1

SUSE-SU-2020:1300-1

SUSE-SU-2020:1300-2

SUSE-SU-2020_1300-1

SUSE-SU-2020_1300-2

USN-3958-1

Produtos afetados

Alt Linux

Gstreamer

Suse

Ubuntu

PT-2019-2623 · Gstreamer+3 · Gstreamer+3

CVE-2019-9928

Enumeração de Fraquezas

Identificadores relacionados

Produtos afetados

Referências · 78