PT-2017-17058 · Evostream · Evostream Media Server
Peter Baris · Published 2017-03-10 · Updated 2017-03-15
CVE-2017-6427
CVSS v3.1: 7.5 (High)
Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Name of the Vulnerable Software and Affected Versions
EvoStream Media Server version 1.7.1
Description
A buffer overflow can be triggered by a crafted HTTP request containing a malicious header, leading to a crash. One example of an attack is a GET request with a long message-body.
Recommendations
For EvoStream Media Server version 1.7.1, consider restricting access to the HTTP endpoint to minimize the risk of exploitation until a patch is available. Avoid using long message-bodies in GET requests to reduce the risk of triggering the issue.
Exploit
Fix
Buffer Overflow
Affected Products
Evostream Media Server