Live555 · Liblivemedia · CVE-2019-6256
**Name of the Vulnerable Software and Affected Versions**
Live555 Media Server version 0.93
**Description**
A Denial of Service issue was discovered in the LIVE555 Streaming Media libraries as used in Live555 Media Server. It can cause an RTSPServer crash in `handleHTTPCmd_TunnelingPOST` when RTSP-over-HTTP tunneling is supported, via `x-sessioncookie` HTTP headers in a GET request and a POST request within the same TCP session. The crash occurs because of a call to an incorrect virtual function pointer in the `readSocket` function in `GroupsockHelper.cpp`. The underlying cause is insufficient input validation in the `readSocket` function of the `liblivemedia` library, which allows a remote attacker to cause a denial of service.
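The trigger condition the advisory describes (a tunneling GET and a tunneling POST, each carrying `x-sessioncookie`, observed on one and the same TCP session) is a shape that can be checked in reassembled traffic and alerted on. The detector below is an added example written for this page, not code from the Live555 project or from the advisory; the flow tuples, cookie values and request payloads are constructed sample data, and the addresses come from documentation ranges.

```python
from dataclasses import dataclass, field
from typing import Dict, List, Optional, Set, Tuple

# A TCP session is identified by its 4-tuple (client ip, client port, server ip, server port).
FlowKey = Tuple[str, int, str, int]


@dataclass
class TunnelState:
    """Cookies seen on tunneling GETs and POSTs for one TCP session."""
    get_cookies: Set[str] = field(default_factory=set)
    post_cookies: Set[str] = field(default_factory=set)


def parse_request_head(payload: bytes) -> Optional[Tuple[str, Dict[str, str]]]:
    """Parse one HTTP (or RTSP) request head into (METHOD, {lower-case header: value}).

    Returns None when the payload does not start with a three-token request line.
    """
    head = payload.split(b"\r\n\r\n", 1)[0]
    lines = head.split(b"\r\n")
    request_line = lines[0].split(b" ")
    if len(request_line) != 3:
        return None
    method = request_line[0].decode("ascii", "replace").upper()
    headers: Dict[str, str] = {}
    for line in lines[1:]:
        if b":" not in line:
            continue
        name, value = line.split(b":", 1)
        # Header names are case-insensitive, so normalise them for lookup.
        headers[name.strip().decode("ascii", "replace").lower()] = value.strip().decode("ascii", "replace")
    return method, headers


def find_same_session_tunnel_pairs(segments: List[Tuple[FlowKey, bytes]]) -> List[dict]:
    """Flag TCP sessions on which both a GET and a POST carry x-sessioncookie.

    `segments` is an ordered list of (flow, reassembled request bytes), as a TCP
    reassembler would hand them over. One alert is raised per offending session,
    at the moment the GET/POST pair is completed.
    """
    sessions: Dict[FlowKey, TunnelState] = {}
    alerted: Set[FlowKey] = set()
    alerts: List[dict] = []
    for flow, payload in segments:
        parsed = parse_request_head(payload)
        if parsed is None:
            continue
        method, headers = parsed
        cookie = headers.get("x-sessioncookie")
        if cookie is None:
            continue  # not a tunneling request, plain RTSP or other HTTP
        state = sessions.setdefault(flow, TunnelState())
        if method == "GET":
            state.get_cookies.add(cookie)
        elif method == "POST":
            state.post_cookies.add(cookie)
        else:
            continue
        if state.get_cookies and state.post_cookies and flow not in alerted:
            alerted.add(flow)
            alerts.append({
                "flow": flow,
                "get_cookies": sorted(state.get_cookies),
                "post_cookies": sorted(state.post_cookies),
                "reason": "tunneling GET and POST on one TCP session (CVE-2019-6256 trigger pattern)",
            })
    return alerts


# Constructed sample traffic (documentation-range addresses, made-up cookies).
FLOW_A: FlowKey = ("203.0.113.5", 40001, "192.0.2.10", 8000)
FLOW_B: FlowKey = ("203.0.113.6", 40002, "192.0.2.10", 8000)
FLOW_C: FlowKey = ("203.0.113.6", 40003, "192.0.2.10", 8000)

SAMPLE_SEGMENTS: List[Tuple[FlowKey, bytes]] = [
    # Ordinary tunneling client: GET on one connection, POST on a second one.
    (FLOW_B, b"GET /stream HTTP/1.0\r\nx-sessioncookie: normal-1\r\nAccept: application/x-rtsp-tunnelled\r\n\r\n"),
    (FLOW_C, b"POST /stream HTTP/1.0\r\nx-sessioncookie: normal-1\r\nContent-Type: application/x-rtsp-tunnelled\r\n\r\n"),
    # Plain RTSP on the same server port, no cookie at all: ignored.
    (FLOW_A, b"OPTIONS rtsp://192.0.2.10:8000/stream RTSP/1.0\r\nCSeq: 1\r\n\r\n"),
    # GET followed by POST on the same session: the pattern the advisory names.
    (FLOW_A, b"GET /stream HTTP/1.0\r\nX-SessionCookie: odd-7\r\n\r\n"),
    (FLOW_A, b"POST /stream HTTP/1.0\r\nx-sessioncookie: odd-7\r\n\r\n"),
]

if __name__ == "__main__":
    for alert in find_same_session_tunnel_pairs(SAMPLE_SEGMENTS):
        print(alert)
```

Run against the constructed sample it raises exactly one alert, for `FLOW_A`; the GET-only and POST-only sessions of the ordinary tunneling client stay quiet, and the uncookied RTSP request is skipped. The detector keys on the session 4-tuple rather than the cookie value on purpose: the advisory's condition is "same TCP session", so matching cookies across two connections is normal tunneling behaviour and must not fire. In a real deployment the `segments` list would be fed by a TCP reassembler in front of the RTSP/HTTP port, and an alert is a reason to drop the session and review the source, not proof of an exploit on its own.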
**Recommendations**
For Live555 Media Server version 0.93, as a temporary workaround, consider disabling the `handleHTTPCmd_TunnelingPOST` function or restricting RTSP-over-HTTP tunneling support until a patch is available. Additionally, restrict access to the `readSocket` function in `GroupsockHelper.cpp` to minimize the risk of exploitation. At the time of writing, there is no information about a newer version that contains a fix for this vulnerability.