CVE-2018-4013
An exploitable code execution vulnerability exists in the HTTP packet-parsing functionality of the LIVE555 RTSP server library version 0.92. A specially crafted packet can cause a stack-based buffer overflow, resulting in code execution. An attacker can send a packet to trigger this vulnerability.
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H
Affected products
Live Networks · LIVE555 Media Server
Public PoCs found — 2
github: github.com/r3dxpl0it/RTSPServer-Code-Execution-Vulnerability ★ 15
github: github.com/DoubleMice/cve-2018-4013 ★ 7
⚠ Public resources, to assess the exposure of systems you control or are authorized to test. Test only with authorization.
References
http://lists.live555.com/pipermail/live-devel/2018-October/021071.html
https://lists.debian.org/debian-lts-announce/2018/11/msg00020.html
https://security.gentoo.org/glsa/202005-06
https://talosintelligence.com/vulnerability_reports/TALOS-2018-0684
https://www.debian.org/security/2018/dsa-4343