CVE-2021-41396

Name of the Vulnerable Software and Affected Versions Live555 versions 1.08 and earlier

Description The issue arises from improper handling of socket connections. When a large number of incoming socket connections occurs in a short time, it triggers the error-handling module, leading to a heap-based buffer overflow. This can be exploited by an attacker to launch a Denial of Service (DoS) attack.

Recommendations For versions 1.08 and earlier, consider restricting the number of incoming socket connections to prevent the error-handling module from being invoked, thereby minimizing the risk of a heap-based buffer overflow. As a temporary workaround, implement rate limiting on incoming connections to reduce the likelihood of exploitation.