ID | CVE-2019-6256 |
Summary |
A Denial of Service issue was discovered in the LIVE555 Streaming Media libraries as used in Live555 Media Server 0.93. It can cause an RTSPServer crash in handleHTTPCmd_TunnelingPOST, when RTSP-over-HTTP tunneling is supported, via x-sessioncookie HTTP headers in a GET request and a POST request within the same TCP session. This occurs because of a call to an incorrect virtual function pointer in the readSocket function in GroupsockHelper.cpp. |
References |
|
Vulnerable Configurations |
- cpe:2.3:a:live555:live555_media_server:0.93:*:*:*:*:*:*:*
- cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*
- cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*
|
CVSS |
Base: | 7.5 (as of 24-08-2020 - 17:37) |
Impact: | |
Exploitability: | |
|
CWE |
CWE-755 |
CAPEC |
|
Access |
Vector | Complexity | Authentication |
NETWORK | LOW | NONE |
|
Impact |
Confidentiality | Integrity | Availability |
PARTIAL | PARTIAL | PARTIAL |
|
cvss-vector (via4) | AV:N/AC:L/Au:N/C:P/I:P/A:P |
refmap (via4) |
bugtraq | 20190317 [SECURITY] [DSA 4408-1] liblivemedia security update |
debian | DSA-4408 |
gentoo | GLSA-202005-06 |
misc | https://github.com/rgaufman/live555/issues/19 |
mlist | [debian-lts-announce] 20190226 [SECURITY] [DLA 1690-1] liblivemedia security update |
|
Last major update |
24-08-2020 - 17:37 |
Published |
14-01-2019 - 08:29 |
Last modified |
24-08-2020 - 17:37 |