PT-2020-18920 · Gstreamer+1 · Gstreamer+2

Published: 2020-03-23 · Updated: 2024-06-15

CVE-2020-6095

CVSS v3.1: 7.5 (High)

Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Name of the Vulnerable Software and Affected Versions: GStreamer/gst-rtsp-server version 1.14.5

Description: An exploitable denial-of-service issue exists in the GstRTSPAuth functionality. A specially crafted RTSP setup request can cause a null pointer dereference, resulting in denial of service. An attacker can send a malicious packet to trigger this issue.

Recommendations: For version 1.14.5, consider disabling the GstRTSPAuth functionality as a temporary workaround until a patch is available. Restrict access to the RTSP setup request to minimize the risk of exploitation.

Exploit

Fix

DoS

NULL Pointer Dereference

Weakness Enumeration

Related Identifiers

CVE-2020-6095
OPENSUSE-SU-2020:0535-1
OPENSUSE-SU-2020_0535-1
OPENSUSE-SU-2024:10831-1

Affected Products

Gstreamer
Suse
Gst-Rtsp-Server