Vulnerabilites related to live555 - live555
CVE-2023-37117 (GCVE-0-2023-37117)
Vulnerability from cvelistv5
Published
2024-01-12 00:00
Modified
2024-09-03 18:14
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
A heap-use-after-free vulnerability was found in live555 version 2023.05.10 while handling the SETUP.
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-02T17:01:09.995Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_transferred"
],
"url": "http://www.live555.com/liveMedia/public/changelog.txt"
},
{
"tags": [
"x_transferred"
],
"url": "http://lists.live555.com/pipermail/live-devel/2023-June/022331.html"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2023-37117",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-03-26T19:49:06.518954Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-416",
"description": "CWE-416 Use After Free",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-09-03T18:14:41.829Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "A heap-use-after-free vulnerability was found in live555 version 2023.05.10 while handling the SETUP."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-01-12T06:17:44.580308",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"url": "http://www.live555.com/liveMedia/public/changelog.txt"
},
{
"url": "http://lists.live555.com/pipermail/live-devel/2023-June/022331.html"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2023-37117",
"datePublished": "2024-01-12T00:00:00",
"dateReserved": "2023-06-28T00:00:00",
"dateUpdated": "2024-09-03T18:14:41.829Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2021-41396 (GCVE-0-2021-41396)
Vulnerability from cvelistv5
Published
2022-07-11 11:38
Modified
2024-08-04 03:08
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
Live555 through 1.08 does not handle socket connections properly. A huge number of incoming socket connections in a short time invokes the error-handling module, in which a heap-based buffer overflow happens. An attacker can leverage this to launch a DoS attack.
References
| ► | URL | Tags | ||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T03:08:32.468Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.live555.com/liveMedia/public/changelog.txt"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://lists.live555.com/pipermail/live-devel/2021-September/021994.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Live555 through 1.08 does not handle socket connections properly. A huge number of incoming socket connections in a short time invokes the error-handling module, in which a heap-based buffer overflow happens. An attacker can leverage this to launch a DoS attack."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-07-11T11:38:04",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.live555.com/liveMedia/public/changelog.txt"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://lists.live555.com/pipermail/live-devel/2021-September/021994.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2021-41396",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Live555 through 1.08 does not handle socket connections properly. A huge number of incoming socket connections in a short time invokes the error-handling module, in which a heap-based buffer overflow happens. An attacker can leverage this to launch a DoS attack."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www.live555.com/liveMedia/public/changelog.txt",
"refsource": "MISC",
"url": "http://www.live555.com/liveMedia/public/changelog.txt"
},
{
"name": "http://lists.live555.com/pipermail/live-devel/2021-September/021994.html",
"refsource": "MISC",
"url": "http://lists.live555.com/pipermail/live-devel/2021-September/021994.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2021-41396",
"datePublished": "2022-07-11T11:38:05",
"dateReserved": "2021-09-20T00:00:00",
"dateUpdated": "2024-08-04T03:08:32.468Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2021-39282 (GCVE-0-2021-39282)
Vulnerability from cvelistv5
Published
2021-08-18 16:59
Modified
2024-08-04 02:06
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
Live555 through 1.08 has a memory leak in AC3AudioStreamParser for AC3 files.
References
| ► | URL | Tags | ||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T02:06:41.529Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://lists.live555.com/pipermail/live-devel/2021-August/021970.html"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.live555.com/liveMedia/public/changelog.txt#%5B2021.08.13%5D"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Live555 through 1.08 has a memory leak in AC3AudioStreamParser for AC3 files."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-08-18T16:59:05",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "http://lists.live555.com/pipermail/live-devel/2021-August/021970.html"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.live555.com/liveMedia/public/changelog.txt#%5B2021.08.13%5D"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2021-39282",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Live555 through 1.08 has a memory leak in AC3AudioStreamParser for AC3 files."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://lists.live555.com/pipermail/live-devel/2021-August/021970.html",
"refsource": "MISC",
"url": "http://lists.live555.com/pipermail/live-devel/2021-August/021970.html"
},
{
"name": "http://www.live555.com/liveMedia/public/changelog.txt#[2021.08.13]",
"refsource": "MISC",
"url": "http://www.live555.com/liveMedia/public/changelog.txt#[2021.08.13]"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2021-39282",
"datePublished": "2021-08-18T16:59:05",
"dateReserved": "2021-08-18T00:00:00",
"dateUpdated": "2024-08-04T02:06:41.529Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2021-39283 (GCVE-0-2021-39283)
Vulnerability from cvelistv5
Published
2021-08-18 16:58
Modified
2024-08-04 02:06
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
liveMedia/FramedSource.cpp in Live555 through 1.08 allows an assertion failure and application exit via multiple SETUP and PLAY commands.
References
| ► | URL | Tags | ||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T02:06:41.522Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.live555.com/liveMedia/public/changelog.txt#%5B2021.08.13%5D"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://lists.live555.com/pipermail/live-devel/2021-August/021969.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "liveMedia/FramedSource.cpp in Live555 through 1.08 allows an assertion failure and application exit via multiple SETUP and PLAY commands."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-08-18T16:58:53",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.live555.com/liveMedia/public/changelog.txt#%5B2021.08.13%5D"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://lists.live555.com/pipermail/live-devel/2021-August/021969.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2021-39283",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "liveMedia/FramedSource.cpp in Live555 through 1.08 allows an assertion failure and application exit via multiple SETUP and PLAY commands."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://www.live555.com/liveMedia/public/changelog.txt#[2021.08.13]",
"refsource": "MISC",
"url": "http://www.live555.com/liveMedia/public/changelog.txt#[2021.08.13]"
},
{
"name": "http://lists.live555.com/pipermail/live-devel/2021-August/021969.html",
"refsource": "MISC",
"url": "http://lists.live555.com/pipermail/live-devel/2021-August/021969.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2021-39283",
"datePublished": "2021-08-18T16:58:53",
"dateReserved": "2021-08-18T00:00:00",
"dateUpdated": "2024-08-04T02:06:41.522Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2021-38380 (GCVE-0-2021-38380)
Vulnerability from cvelistv5
Published
2021-08-10 17:16
Modified
2024-08-04 01:37
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
Live555 through 1.08 mishandles huge requests for the same MP3 stream, leading to recursion and s stack-based buffer over-read. An attacker can leverage this to launch a DoS attack.
References
| ► | URL | Tags | ||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T01:37:16.460Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://lists.live555.com/pipermail/live-devel/2021-August/021954.html"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.live555.com/liveMedia/public/changelog.txt#%5B2021.08.04%5D"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Live555 through 1.08 mishandles huge requests for the same MP3 stream, leading to recursion and s stack-based buffer over-read. An attacker can leverage this to launch a DoS attack."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-08-10T17:16:22",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "http://lists.live555.com/pipermail/live-devel/2021-August/021954.html"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.live555.com/liveMedia/public/changelog.txt#%5B2021.08.04%5D"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2021-38380",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Live555 through 1.08 mishandles huge requests for the same MP3 stream, leading to recursion and s stack-based buffer over-read. An attacker can leverage this to launch a DoS attack."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://lists.live555.com/pipermail/live-devel/2021-August/021954.html",
"refsource": "MISC",
"url": "http://lists.live555.com/pipermail/live-devel/2021-August/021954.html"
},
{
"name": "http://www.live555.com/liveMedia/public/changelog.txt#[2021.08.04]",
"refsource": "MISC",
"url": "http://www.live555.com/liveMedia/public/changelog.txt#[2021.08.04]"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2021-38380",
"datePublished": "2021-08-10T17:16:22",
"dateReserved": "2021-08-10T00:00:00",
"dateUpdated": "2024-08-04T01:37:16.460Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2021-38382 (GCVE-0-2021-38382)
Vulnerability from cvelistv5
Published
2021-08-10 17:15
Modified
2024-08-04 01:37
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
Live555 through 1.08 does not handle Matroska and Ogg files properly. Sending two successive RTSP SETUP commands for the same track causes a Use-After-Free and daemon crash.
References
| ► | URL | Tags | ||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T01:37:16.647Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://lists.live555.com/pipermail/live-devel/2021-August/021959.html"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.live555.com/liveMedia/public/changelog.txt#%5B2021.08.06%5D"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Live555 through 1.08 does not handle Matroska and Ogg files properly. Sending two successive RTSP SETUP commands for the same track causes a Use-After-Free and daemon crash."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-08-10T17:15:59",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "http://lists.live555.com/pipermail/live-devel/2021-August/021959.html"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.live555.com/liveMedia/public/changelog.txt#%5B2021.08.06%5D"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2021-38382",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Live555 through 1.08 does not handle Matroska and Ogg files properly. Sending two successive RTSP SETUP commands for the same track causes a Use-After-Free and daemon crash."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://lists.live555.com/pipermail/live-devel/2021-August/021959.html",
"refsource": "MISC",
"url": "http://lists.live555.com/pipermail/live-devel/2021-August/021959.html"
},
{
"name": "http://www.live555.com/liveMedia/public/changelog.txt#[2021.08.06]",
"refsource": "MISC",
"url": "http://www.live555.com/liveMedia/public/changelog.txt#[2021.08.06]"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2021-38382",
"datePublished": "2021-08-10T17:15:59",
"dateReserved": "2021-08-10T00:00:00",
"dateUpdated": "2024-08-04T01:37:16.647Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2021-38381 (GCVE-0-2021-38381)
Vulnerability from cvelistv5
Published
2021-08-10 17:16
Modified
2024-08-04 01:37
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- n/a
Summary
Live555 through 1.08 does not handle MPEG-1 or 2 files properly. Sending two successive RTSP SETUP commands for the same track causes a Use-After-Free and daemon crash.
References
| ► | URL | Tags | ||||||
|---|---|---|---|---|---|---|---|---|
|
||||||||
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T01:37:16.543Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://lists.live555.com/pipermail/live-devel/2021-August/021961.html"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.live555.com/liveMedia/public/changelog.txt#%5B2021.08.09%5D"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "Live555 through 1.08 does not handle MPEG-1 or 2 files properly. Sending two successive RTSP SETUP commands for the same track causes a Use-After-Free and daemon crash."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-08-10T17:16:11",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "http://lists.live555.com/pipermail/live-devel/2021-August/021961.html"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.live555.com/liveMedia/public/changelog.txt#%5B2021.08.09%5D"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2021-38381",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Live555 through 1.08 does not handle MPEG-1 or 2 files properly. Sending two successive RTSP SETUP commands for the same track causes a Use-After-Free and daemon crash."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://lists.live555.com/pipermail/live-devel/2021-August/021961.html",
"refsource": "MISC",
"url": "http://lists.live555.com/pipermail/live-devel/2021-August/021961.html"
},
{
"name": "http://www.live555.com/liveMedia/public/changelog.txt#[2021.08.09]",
"refsource": "MISC",
"url": "http://www.live555.com/liveMedia/public/changelog.txt#[2021.08.09]"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2021-38381",
"datePublished": "2021-08-10T17:16:11",
"dateReserved": "2021-08-10T00:00:00",
"dateUpdated": "2024-08-04T01:37:16.543Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
Vulnerability from fkie_nvd
Published
2021-08-10 18:15
Modified
2024-11-21 06:16
Severity ?
Summary
Live555 through 1.08 does not handle Matroska and Ogg files properly. Sending two successive RTSP SETUP commands for the same track causes a Use-After-Free and daemon crash.
References
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:live555:live555:*:*:*:*:*:*:*:*",
"matchCriteriaId": "273E5D2E-D8DC-4155-A1BF-3353CA4B02DE",
"versionEndExcluding": "2021.08.06",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Live555 through 1.08 does not handle Matroska and Ogg files properly. Sending two successive RTSP SETUP commands for the same track causes a Use-After-Free and daemon crash."
},
{
"lang": "es",
"value": "Live555 versiones hasta 1.08, no maneja apropiadamente los archivos Matroska y Ogg. El env\u00edo de dos comandos RTSP SETUP sucesivos para la misma pista causa un Uso de la Memoria previamente Liberada y un bloqueo del demonio"
}
],
"id": "CVE-2021-38382",
"lastModified": "2024-11-21T06:16:57.267",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 4.3,
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:P",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2021-08-10T18:15:07.427",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Mailing List",
"Vendor Advisory"
],
"url": "http://lists.live555.com/pipermail/live-devel/2021-August/021959.html"
},
{
"source": "cve@mitre.org",
"url": "http://www.live555.com/liveMedia/public/changelog.txt#%5B2021.08.06%5D"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Mailing List",
"Vendor Advisory"
],
"url": "http://lists.live555.com/pipermail/live-devel/2021-August/021959.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.live555.com/liveMedia/public/changelog.txt#%5B2021.08.06%5D"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-416"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2024-01-12 07:15
Modified
2024-11-21 08:11
Severity ?
9.8 (Critical) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
9.8 (Critical) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
9.8 (Critical) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Summary
A heap-use-after-free vulnerability was found in live555 version 2023.05.10 while handling the SETUP.
References
| ▶ | URL | Tags | |
|---|---|---|---|
| cve@mitre.org | http://lists.live555.com/pipermail/live-devel/2023-June/022331.html | Exploit, Mailing List, Vendor Advisory | |
| cve@mitre.org | http://www.live555.com/liveMedia/public/changelog.txt | Release Notes, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://lists.live555.com/pipermail/live-devel/2023-June/022331.html | Exploit, Mailing List, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.live555.com/liveMedia/public/changelog.txt | Release Notes, Vendor Advisory |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:live555:live555:2023.05.10:*:*:*:*:*:*:*",
"matchCriteriaId": "FD34412A-C903-4798-A9AF-8EE23BFBE493",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "A heap-use-after-free vulnerability was found in live555 version 2023.05.10 while handling the SETUP."
},
{
"lang": "es",
"value": "Se encontr\u00f3 una vulnerabilidad de use after free del mont\u00f3n en live555 versi\u00f3n 2023.05.10 mientras se manejaba el SETUP."
}
],
"id": "CVE-2023-37117",
"lastModified": "2024-11-21T08:11:03.020",
"metrics": {
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
},
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9,
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary"
}
]
},
"published": "2024-01-12T07:15:12.077",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Mailing List",
"Vendor Advisory"
],
"url": "http://lists.live555.com/pipermail/live-devel/2023-June/022331.html"
},
{
"source": "cve@mitre.org",
"tags": [
"Release Notes",
"Vendor Advisory"
],
"url": "http://www.live555.com/liveMedia/public/changelog.txt"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Mailing List",
"Vendor Advisory"
],
"url": "http://lists.live555.com/pipermail/live-devel/2023-June/022331.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Release Notes",
"Vendor Advisory"
],
"url": "http://www.live555.com/liveMedia/public/changelog.txt"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-416"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
},
{
"description": [
{
"lang": "en",
"value": "CWE-416"
}
],
"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"type": "Secondary"
}
]
}
Vulnerability from fkie_nvd
Published
2021-08-10 18:15
Modified
2024-11-21 06:16
Severity ?
Summary
Live555 through 1.08 does not handle MPEG-1 or 2 files properly. Sending two successive RTSP SETUP commands for the same track causes a Use-After-Free and daemon crash.
References
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:live555:live555:*:*:*:*:*:*:*:*",
"matchCriteriaId": "79BE78C8-3A6D-45D1-9F52-DB9D0A8CA0D2",
"versionEndExcluding": "2021.08.09",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Live555 through 1.08 does not handle MPEG-1 or 2 files properly. Sending two successive RTSP SETUP commands for the same track causes a Use-After-Free and daemon crash."
},
{
"lang": "es",
"value": "Live555 versiones hasta 1.08, no maneja apropiadamente los archivos MPEG-1 o 2. El env\u00edo de dos comandos RTSP SETUP sucesivos para la misma pista provoca un Uso de la Memoria previamente Liberada y un bloqueo del demonio"
}
],
"id": "CVE-2021-38381",
"lastModified": "2024-11-21T06:16:57.110",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 4.3,
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:P",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2021-08-10T18:15:07.387",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Mailing List",
"Vendor Advisory"
],
"url": "http://lists.live555.com/pipermail/live-devel/2021-August/021961.html"
},
{
"source": "cve@mitre.org",
"url": "http://www.live555.com/liveMedia/public/changelog.txt#%5B2021.08.09%5D"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Mailing List",
"Vendor Advisory"
],
"url": "http://lists.live555.com/pipermail/live-devel/2021-August/021961.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.live555.com/liveMedia/public/changelog.txt#%5B2021.08.09%5D"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-416"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2021-08-18 17:15
Modified
2024-11-21 06:19
Severity ?
Summary
Live555 through 1.08 has a memory leak in AC3AudioStreamParser for AC3 files.
References
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:live555:live555:*:*:*:*:*:*:*:*",
"matchCriteriaId": "AC5D5907-70E1-4D18-A73A-CC0E0AD83965",
"versionEndIncluding": "1.08",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Live555 through 1.08 has a memory leak in AC3AudioStreamParser for AC3 files."
},
{
"lang": "es",
"value": "Live555 versiones hasta 1.08, presenta una p\u00e9rdida de memoria en la funci\u00f3n AC3AudioStreamParser para archivos AC3."
}
],
"id": "CVE-2021-39282",
"lastModified": "2024-11-21T06:19:06.813",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 5.0,
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2021-08-18T17:15:09.230",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Mailing List",
"Vendor Advisory"
],
"url": "http://lists.live555.com/pipermail/live-devel/2021-August/021970.html"
},
{
"source": "cve@mitre.org",
"url": "http://www.live555.com/liveMedia/public/changelog.txt#%5B2021.08.13%5D"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Mailing List",
"Vendor Advisory"
],
"url": "http://lists.live555.com/pipermail/live-devel/2021-August/021970.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.live555.com/liveMedia/public/changelog.txt#%5B2021.08.13%5D"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-401"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2021-08-10 18:15
Modified
2024-11-21 06:16
Severity ?
Summary
Live555 through 1.08 mishandles huge requests for the same MP3 stream, leading to recursion and s stack-based buffer over-read. An attacker can leverage this to launch a DoS attack.
References
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:live555:live555:*:*:*:*:*:*:*:*",
"matchCriteriaId": "AB55807C-0F36-4097-A2BE-299BB1380D41",
"versionEndExcluding": "2021.08.04",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Live555 through 1.08 mishandles huge requests for the same MP3 stream, leading to recursion and s stack-based buffer over-read. An attacker can leverage this to launch a DoS attack."
},
{
"lang": "es",
"value": "Live555 versiones hasta 1.08, no maneja apropiadamente grandes peticiones para el mismo flujo de MP3, conllevando a una recursi\u00f3n y una lectura excesiva del b\u00fafer en la regi\u00f3n stack de la memoria. Un atacante puede aprovechar esto para lanzar un ataque DoS"
}
],
"id": "CVE-2021-38380",
"lastModified": "2024-11-21T06:16:56.917",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 5.0,
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2021-08-10T18:15:07.347",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Mailing List",
"Vendor Advisory"
],
"url": "http://lists.live555.com/pipermail/live-devel/2021-August/021954.html"
},
{
"source": "cve@mitre.org",
"url": "http://www.live555.com/liveMedia/public/changelog.txt#%5B2021.08.04%5D"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Mailing List",
"Vendor Advisory"
],
"url": "http://lists.live555.com/pipermail/live-devel/2021-August/021954.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.live555.com/liveMedia/public/changelog.txt#%5B2021.08.04%5D"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-125"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2021-08-18 17:15
Modified
2024-11-21 06:19
Severity ?
Summary
liveMedia/FramedSource.cpp in Live555 through 1.08 allows an assertion failure and application exit via multiple SETUP and PLAY commands.
References
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:live555:live555:*:*:*:*:*:*:*:*",
"matchCriteriaId": "AC5D5907-70E1-4D18-A73A-CC0E0AD83965",
"versionEndIncluding": "1.08",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "liveMedia/FramedSource.cpp in Live555 through 1.08 allows an assertion failure and application exit via multiple SETUP and PLAY commands."
},
{
"lang": "es",
"value": "El archivo liveMedia/FramedSource.cpp en Live555 versiones hasta 1.08, permite un fallo de aserci\u00f3n y la salida de la aplicaci\u00f3n por medio de m\u00faltiples comandos SETUP y PLAY."
}
],
"id": "CVE-2021-39283",
"lastModified": "2024-11-21T06:19:07.000",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 4.3,
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:M/Au:N/C:N/I:N/A:P",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"exploitabilityScore": 1.8,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2021-08-18T17:15:09.263",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Mailing List",
"Vendor Advisory"
],
"url": "http://lists.live555.com/pipermail/live-devel/2021-August/021969.html"
},
{
"source": "cve@mitre.org",
"url": "http://www.live555.com/liveMedia/public/changelog.txt#%5B2021.08.13%5D"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Mailing List",
"Vendor Advisory"
],
"url": "http://lists.live555.com/pipermail/live-devel/2021-August/021969.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.live555.com/liveMedia/public/changelog.txt#%5B2021.08.13%5D"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-617"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
Vulnerability from fkie_nvd
Published
2022-07-12 14:15
Modified
2024-11-21 06:26
Severity ?
Summary
Live555 through 1.08 does not handle socket connections properly. A huge number of incoming socket connections in a short time invokes the error-handling module, in which a heap-based buffer overflow happens. An attacker can leverage this to launch a DoS attack.
References
| ▶ | URL | Tags | |
|---|---|---|---|
| cve@mitre.org | http://lists.live555.com/pipermail/live-devel/2021-September/021994.html | Exploit, Mailing List, Vendor Advisory | |
| cve@mitre.org | http://www.live555.com/liveMedia/public/changelog.txt | Release Notes, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://lists.live555.com/pipermail/live-devel/2021-September/021994.html | Exploit, Mailing List, Vendor Advisory | |
| af854a3a-2127-422b-91ae-364da2661108 | http://www.live555.com/liveMedia/public/changelog.txt | Release Notes, Vendor Advisory |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:live555:live555:*:*:*:*:*:*:*:*",
"matchCriteriaId": "AC5D5907-70E1-4D18-A73A-CC0E0AD83965",
"versionEndIncluding": "1.08",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Live555 through 1.08 does not handle socket connections properly. A huge number of incoming socket connections in a short time invokes the error-handling module, in which a heap-based buffer overflow happens. An attacker can leverage this to launch a DoS attack."
},
{
"lang": "es",
"value": "Live555 versiones hasta 1.08, no maneja apropiadamente las conexiones de socket. Un gran n\u00famero de conexiones de socket entrantes en poco tiempo invoca el m\u00f3dulo de administraci\u00f3n de errores, en el que se produce un desbordamiento de b\u00fafer en la regi\u00f3n heap de la memoria. Un atacante puede aprovechar esto para lanzar un ataque DoS"
}
],
"id": "CVE-2021-41396",
"lastModified": "2024-11-21T06:26:12.400",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 5.0,
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2022-07-12T14:15:14.797",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Mailing List",
"Vendor Advisory"
],
"url": "http://lists.live555.com/pipermail/live-devel/2021-September/021994.html"
},
{
"source": "cve@mitre.org",
"tags": [
"Release Notes",
"Vendor Advisory"
],
"url": "http://www.live555.com/liveMedia/public/changelog.txt"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Mailing List",
"Vendor Advisory"
],
"url": "http://lists.live555.com/pipermail/live-devel/2021-September/021994.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Release Notes",
"Vendor Advisory"
],
"url": "http://www.live555.com/liveMedia/public/changelog.txt"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-787"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}