PT-2019-1688 · Live Networks+2 · Live555+2

Published

2019-02-27

Updated

2022-04-22

CVE-2019-9215

CVSS v3.1

9.8

Critical

Vector

AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions Live555 versions prior to 2019.02.27

Description The issue arises from insufficient input validation in the parseAuthorizationHeader function, leading to invalid memory access. This can be exploited by a remote attacker to execute arbitrary code or cause a denial of service.

Recommendations For versions prior to 2019.02.27, update to a version 2019.02.27 or later to resolve the issue. As a temporary workaround, consider disabling the parseAuthorizationHeader function until a patch is available.

Fix

RCE

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-20

Related Identifiers

BDU:2019-01282

CVE-2019-9215

DLA-1720-1

DSA-4408-1

MGASA-2019-0121

OPENSUSE-SU-2019:1797-1

OPENSUSE-SU-2019:1880-1

OPENSUSE-SU-2019_1797-1

OPENSUSE-SU-2020:0944-1

OPENSUSE-SU-2020_0944-1

OPENSUSE-SU-2024:11023-1

USN-4853-1

Affected Products

Live555

Suse

Ubuntu

PT-2019-1688 · Live Networks+2 · Live555+2

CVE-2019-9215

Weakness Enumeration

Related Identifiers

Affected Products

References · 37