First published: Mon Jan 14 2019
A Denial of Service issue was discovered in the LIVE555 Streaming Media libraries as used in Live555 Media Server 0.93. It can cause an RTSPServer crash in handleHTTPCmd_TunnelingPOST, when RTSP-over-HTTP tunneling is supported, via x-sessioncookie HTTP headers in a GET request and a POST request within the same TCP session. This occurs because of a call to an incorrect virtual function pointer in the readSocket function in GroupsockHelper.cpp.
Credit: cve@mitre.org
Affected Software | Affected Version | How to fix |
---|---|---|
debian/liblivemedia | 2018.11.26-1.1 | |
Live555 Live555 Media Server | =0.93 | |
Debian Debian Linux | =8.0 | |
Debian Debian Linux | =9.0 | |
The vulnerability ID for the Denial of Service issue in the LIVE555 Streaming Media libraries is CVE-2019-6256.
The severity of CVE-2019-6256 is critical with a severity value of 9.8.
The software affected by CVE-2019-6256 includes Live555 Media Server 0.93 and liblivemedia on Debian Linux 8.0 and 9.0.
CVE-2019-6256 can be exploited by sending x-sessioncookie HTTP headers in a GET request and a POST request to cause an RTSPServer crash.
Yes, the remedy for CVE-2019-6256 is to update the liblivemedia package to version 2018.11.26-1.1 on Debian Linux.
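Detection logic for the trigger condition in the description above, added here as an example and not taken from the advisory or the LIVE555 project: it scans reassembled client-to-server TCP streams and flags any single connection that carries both a GET and a POST with an x-sessioncookie header. The connection keys, the `/stream` path and the cookie value are constructed sample data, and the check assumes that RTSP-over-HTTP clients normally send the GET and the POST on two separate connections.

```python
import re

# Request line of an HTTP/1.x GET or POST, as used by RTSP-over-HTTP tunneling.
REQUEST_LINE = re.compile(rb"^(GET|POST) \S+ HTTP/1\.[01]$")

def tunnel_requests(stream: bytes) -> list[tuple[str, str]]:
    """Return (method, cookie) for every request head with an x-sessioncookie header."""
    found, method, cookie = [], None, None
    for line in stream.split(b"\r\n"):
        if REQUEST_LINE.match(line):
            method, cookie = line.split(b" ", 1)[0].decode(), None
        elif method and line == b"":          # blank line ends the header block
            if cookie is not None:
                found.append((method, cookie))
            method = None                     # following bytes are body, not headers
        elif method:
            name, _, value = line.partition(b":")
            if name.strip().lower() == b"x-sessioncookie":  # names are case-insensitive
                cookie = value.strip().decode("latin-1")
    return found

def flag_connections(streams: dict[str, bytes]) -> list[str]:
    """Connections whose client-to-server bytes carry both a GET and a POST cookie."""
    flagged = []
    for conn_id, data in streams.items():
        methods = {m for m, _ in tunnel_requests(data)}
        if {"GET", "POST"} <= methods:
            flagged.append(conn_id)
    return flagged

# Constructed sample data (documentation address range, hypothetical path and cookie).
GET_HEAD = (b"GET /stream HTTP/1.0\r\nx-sessioncookie: abc123\r\n"
            b"Accept: application/x-rtsp-tunnelled\r\n\r\n")
POST_HEAD = (b"POST /stream HTTP/1.0\r\nX-SessionCookie: abc123\r\n"
             b"Content-Type: application/x-rtsp-tunnelled\r\n\r\n")
SAMPLE = {
    "192.0.2.10:50001": GET_HEAD,                                     # usual GET channel
    "192.0.2.10:50002": POST_HEAD + b"T1BUSU9OUyAqIFJUU1AvMS4wDQo=",  # usual POST channel
    "192.0.2.30:40112": GET_HEAD + POST_HEAD,                         # both in one session
}

if __name__ == "__main__":
    print(flag_connections(SAMPLE))
```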