PT-2024-26465 · Unknown · Ant Media Server

Mekya

Published

2024-11-29

Updated

2024-12-02

CVE-2024-35371

CVSS v4.0

8.7

High

Vector

AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N

Name of the Vulnerable Software and Affected Versions Ant-Media-Server version 2.8.2

Description The issue arises from insufficient input sanitization in the logging mechanism, leading to improper output neutralization for logs. This allows user-controllable data, such as identifiers or other sensitive information, to be included in log entries without restrictions.

Recommendations For Ant-Media-Server version 2.8.2, consider implementing proper filtering or validation to prevent user-controllable data from being included in log entries without restrictions. As a temporary workaround, restrict access to log entries to minimize the risk of sensitive information exposure. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Out of bounds Read

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-125

Related Identifiers

CVE-2024-35371

GHSA-2GX6-QRPP-C4P3

Affected Products

Ant Media Server

PT-2024-26465 · Unknown · Ant Media Server

CVE-2024-35371

Weakness Enumeration

Related Identifiers

Affected Products

References · 10