ID CVE-2019-6256
Summary A Denial of Service issue was discovered in the LIVE555 Streaming Media libraries as used in Live555 Media Server 0.93. It can cause an RTSPServer crash in handleHTTPCmd_TunnelingPOST, when RTSP-over-HTTP tunneling is supported, via x-sessioncookie HTTP headers in a GET request and a POST request within the same TCP session. This occurs because of a call to an incorrect virtual function pointer in the readSocket function in GroupsockHelper.cpp.
References
Vulnerable Configurations
  • cpe:2.3:a:live555:live555_media_server:0.93:*:*:*:*:*:*:*
    cpe:2.3:a:live555:live555_media_server:0.93:*:*:*:*:*:*:*
  • cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*
    cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*
  • cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*
    cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*
CVSS
Base: 7.5 (as of 24-08-2020 - 17:37)
Impact:
Exploitability:
CWE CWE-755
CAPEC
Access
VectorComplexityAuthentication
NETWORK LOW NONE
Impact
ConfidentialityIntegrityAvailability
PARTIAL PARTIAL PARTIAL
cvss-vector via4 AV:N/AC:L/Au:N/C:P/I:P/A:P
refmap via4
bugtraq 20190317 [SECURITY] [DSA 4408-1] liblivemedia security update
debian DSA-4408
gentoo GLSA-202005-06
misc https://github.com/rgaufman/live555/issues/19
mlist [debian-lts-announce] 20190226 [SECURITY] [DLA 1690-1] liblivemedia security update
Last major update 24-08-2020 - 17:37
Published 14-01-2019 - 08:29
Last modified 24-08-2020 - 17:37
Back to Top