PT-2024-31132 · Unknown+2 · Gstreamer Rtsp Server+2

Wingtecher · Published 2024-10-22 · Updated 2024-12-10 · CVE-2024-44331

CVSS v3.1: 7.5 High

Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Name of the Vulnerable Software and Affected Versions

GStreamer RTSP server version 1.25.0

Description

The issue is related to incorrect access control in the GStreamer RTSP server, which allows remote attackers to cause a denial of service via a series of specially crafted hexstream requests. This is due to a problem in the gst-rtsp-server/rtsp-media.c file.

Recommendations

For GStreamer RTSP server version 1.25.0, consider restricting access to the RTSP server until a patch is available. As a temporary workaround, avoid using the gst-rtsp-server module to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

DoS

Buffer Overflow

Weakness Enumeration

Related Identifiers

ALT-PU-2024-16475
CVE-2024-44331

Affected Products

Alt Linux
Debian
Gstreamer Rtsp Server