PT-2008-1592 · Lscube · Lscube Feng

Luigi Auriemma · Published 2008-01-04 · Updated 2018-10-15 · CVE-2007-6629

CVSS v2.0: 5.0 (Medium)

Vector: AV:N/AC:L/Au:N/C:N/I:N/A:P

Name of the Vulnerable Software and Affected Versions

LScube Feng versions 0.1.15 and earlier

Description

The issue is an interpretation conflict that allows remote attackers to cause a denial of service (NULL dereference and daemon crash) by including a carriage-return character in the User-Agent header line. The carriage return is treated as a line delimiter when the header is split into individual lines, but not when the log_user_agent function in RTSP_utils.c parses the content of the User-Agent line.

Recommendations

For LScube Feng versions 0.1.15 and earlier, consider restricting or validating the User-Agent header to prevent the inclusion of carriage-return characters as a temporary workaround until a patch is available.
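
One way to apply the validation recommended above, as an added example that is not Feng's code and does not come from the advisory. The names `only_crlf_breaks` and `user_agent_for_log` are hypothetical, and the header-name match is case-sensitive for brevity. A header block containing a bare CR or LF is refused before the User-Agent value is extracted for logging, so the line splitter and the content parser cannot disagree about where a line ends.

```c
#include <stddef.h>
#include <string.h>

enum ua_result { UA_REJECT = -1, UA_ABSENT = 0, UA_OK = 1 };

/* Returns 1 if every line break in buf is a full CRLF, so a splitter that
 * accepts a bare CR and a parser that expects CRLF see the same lines. */
static int only_crlf_breaks(const char *buf, size_t len)
{
    for (size_t i = 0; i < len; i++) {
        if (buf[i] == '\n')
            return 0;                       /* LF not preceded by CR */
        if (buf[i] == '\r') {
            if (i + 1 >= len || buf[i + 1] != '\n')
                return 0;                   /* bare CR */
            i++;                            /* skip the LF of this CRLF */
        }
    }
    return 1;
}

/* Copies the User-Agent value into out for logging. Every lookup result is
 * checked before use: a missing terminator is a reject, never a NULL deref. */
enum ua_result user_agent_for_log(const char *hdrs, size_t len,
                                  char *out, size_t outsz)
{
    static const char name[] = "User-Agent: ";
    const size_t nlen = sizeof name - 1;

    if (outsz == 0 || !only_crlf_breaks(hdrs, len))
        return UA_REJECT;
    for (size_t pos = 0; pos + nlen <= len; ) {
        const char *line = hdrs + pos;
        const char *eol = memchr(line, '\r', len - pos);
        if (eol == NULL)
            return UA_REJECT;               /* unterminated line */
        if (memcmp(line, name, nlen) == 0) {
            size_t vlen = (size_t)(eol - line) - nlen;
            if (vlen >= outsz)
                vlen = outsz - 1;           /* truncate for the log */
            memcpy(out, line + nlen, vlen);
            out[vlen] = '\0';
            return UA_OK;
        }
        pos = (size_t)(eol - hdrs) + 2;     /* step over CRLF */
    }
    return UA_ABSENT;
}
```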

Related identifiers

CVE-2007-6629

Affected products

Lscube Feng