Back to search
CVE-2019-6256
Published: Jan 14, 2019
Modified: Aug 4, 2024
PUBLISHED
Description
A Denial of Service issue was discovered in the LIVE555 Streaming Media libraries as used in Live555 Media Server 0.93. It can cause an RTSPServer crash in handleHTTPCmd_TunnelingPOST, when RTSP-over-HTTP tunneling is supported, via x-sessioncookie HTTP headers in a GET request and a POST request within the same TCP session. This occurs because of a call to an incorrect virtual function pointer in the readSocket function in GroupsockHelper.cpp.
| Vendor | Product | Versions |
|---|---|---|
n/a | n/a | affected n/a |
References
[debian-lts-announce] 20190226 [SECURITY] [DLA 1690-1] liblivemedia security update
mailing-list
x_refsource_MLIST
https://github.com/rgaufman/live555/issues/19
x_refsource_MISC
20190317 [SECURITY] [DSA 4408-1] liblivemedia security update
mailing-list
x_refsource_BUGTRAQ
DSA-4408
vendor-advisory
x_refsource_DEBIAN
GLSA-202005-06
vendor-advisory
x_refsource_GENTOO
Security Training
Train your team to recognize and prevent security threats with our comprehensive security awareness program.
Start TrainingVulnerability Scanning
Discover vulnerabilities in your applications and infrastructure before attackers do.
Scan Now