PT-2008-1590 · Lscube · Lscube Feng

Luigi Auriemma · Published 2008-01-04 · Updated 2018-10-15 · CVE-2007-6627

CVSS v2.0: 7.5 (High)

Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P

Name of the Vulnerable Software and Affected Versions

LScube Feng versions 0.1.15 and earlier

Description

The issue is related to an integer overflow in the RTSP_remove_msg function, which can be triggered by a remote attacker sending an RTP packet with a size value of 0xffff. This can cause a denial of service (crash) and potentially allow the execution of arbitrary code.

Recommendations

For versions 0.1.15 and earlier, consider disabling the RTSP_remove_msg function as a temporary workaround until a patch is available. Restrict access to the RTP packet handling module to minimize the risk of exploitation. Avoid using size values that could trigger the integer overflow in the affected function.

Related Identifiers

CVE-2007-6627

Affected Products

Lscube Feng