Gentoo Websites Logo
Go to: Gentoo Home Documentation Forums Lists Bugs Planet Store Wiki Get Gentoo!
Bug 669276 (CVE-2018-4013) - media-plugins/live: buffer overflow in LIVE555 RTSPServer (CVE-2018-4013)
Summary: media-plugins/live: buffer overflow in LIVE555 RTSPServer (CVE-2018-4013)
Status: IN_PROGRESS
Alias: CVE-2018-4013
Product: Gentoo Security
Classification: Unclassified
Component: Vulnerabilities (show other bugs)
Hardware: All All
: Normal major (vote)
Assignee: Gentoo Security
URL: https://cve.mitre.org/cgi-bin/cvename...
Whiteboard: B1 [ebuild]
Keywords:
Depends on:
Blocks:
 
Reported: 2018-10-22 05:04 UTC by J.O. Aho
Modified: 2018-10-23 16:38 UTC (History)
3 users (show)

See Also:
Package list:
Runtime testing required: ---


Attachments

Note You need to log in before you can comment on or make changes to this bug.
Description J.O. Aho 2018-10-22 05:04:35 UTC
An exploitable code execution vulnerability exists in the HTTP packet-parsing functionality of the LIVE555 RTSP server library. A specially crafted packet can cause a stack-based buffer overflow, resulting in code execution. An attacker can send a packet to trigger this vulnerability.

This affects versions earlier than 2018.10.17
CVSSv3 Score: 10.0 

Reproducible: Always




More information can be found at:
https://blog.talosintelligence.com/2018/10/vulnerability-spotlight-live-networks.html