Bug 717722 (CVE-2019-7733) - <media-plugins/live-2020.03.06: Buffer overflow in handleRequestBytes (CVE-2019-7733)
Status: RESOLVED FIXED
Alias: CVE-2019-7733
Product: Gentoo Security
Classification: Unclassified
Component: Vulnerabilities
Hardware: All Linux
Importance: Normal minor
Assignee: Gentoo Security
URL:
Whiteboard: B3 [glsa+ cve cleanup]
Keywords:
Depends on: CVE-2018-4013, CVE-2019-15232, CVE-2019-6256, CVE-2019-9215
Blocks:
Reported: 2020-04-16 13:57 UTC by GLSAMaker/CVETool Bot
Modified: 2020-05-14 22:09 UTC

See Also:
Package list:
Runtime testing required: ---


Description GLSAMaker/CVETool Bot gentoo-dev 2020-04-16 13:57:27 UTC
CVE-2019-7733 (https://nvd.nist.gov/vuln/detail/CVE-2019-7733):
  In Live555 0.95, there is a buffer overflow via a large integer in a
  Content-Length HTTP header because handleRequestBytes has an unrestricted
  memmove.


(https://github.com/rgaufman/live555/issues/21 (mirror): fixed in 2019.05.12, it seems)
Comment 1 GLSAMaker/CVETool Bot gentoo-dev 2020-05-14 22:07:57 UTC
This issue was resolved and addressed in
 GLSA 202005-06 at https://security.gentoo.org/glsa/202005-06
by GLSA coordinator Thomas Deutschmann (whissi).
Comment 2 Larry the Git Cow gentoo-dev 2020-05-14 22:09:19 UTC
The bug has been referenced in the following commit(s):

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=34289def96eaf7efcf888d8aaf18f2a2a2d89c83

commit 34289def96eaf7efcf888d8aaf18f2a2a2d89c83
Author:     Thomas Deutschmann <whissi@gentoo.org>
AuthorDate: 2020-05-14 22:09:03 +0000
Commit:     Thomas Deutschmann <whissi@gentoo.org>
CommitDate: 2020-05-14 22:09:03 +0000

    media-plugins/live: security cleanup
    
    Bug: https://bugs.gentoo.org/717722
    Package-Manager: Portage-2.3.99, Repoman-2.3.22
    Signed-off-by: Thomas Deutschmann <whissi@gentoo.org>

 media-plugins/live/Manifest               |   3 -
 media-plugins/live/live-2017.10.28.ebuild | 128 ------------------------------
 media-plugins/live/live-2018.01.29.ebuild | 128 ------------------------------
 media-plugins/live/live-2018.07.07.ebuild | 128 ------------------------------
 4 files changed, 387 deletions(-)