Gentoo Websites Logo
Go to: Gentoo Home Documentation Forums Lists Bugs Planet Store Wiki Get Gentoo!

Bug 857777 (CVE-2021-41396)

Summary: media-plugins/live: heap buffer overread
Product: Gentoo Security Reporter: John Helmert III <ajak>
Component: VulnerabilitiesAssignee: Gentoo Security <security>
Status: CONFIRMED ---    
Severity: normal CC: media-video
Priority: Normal    
Version: unspecified   
Hardware: All   
OS: Linux   
URL: http://lists.live555.com/pipermail/live-devel/2021-September/021994.html
Whiteboard:
Package list:
Runtime testing required: ---

Description John Helmert III archtester Gentoo Infrastructure gentoo-dev Security 2022-07-12 16:34:18 UTC 
CVE-2021-41396:

Live555 through 1.08 does not handle socket connections properly. A huge number of incoming socket connections in a short time invokes the error-handling module, in which a heap-based buffer overflow happens. An attacker can leverage this to launch a DoS attack.

CVE also references: http://www.live555.com/liveMedia/public/changelog.txt

I don't see a 1.08 anywhere, so not sure where MITRE got that version.