Lucene search

China National Vulnerability DatabaseCNVD-2021-93847

HistoryFeb 28, 2019 - 12:00 a.m.

LIVE555 Invalid Memory Access Vulnerability

2019-02-2800:00:00

China National Vulnerability Database

www.cnvd.org.cn

9.8 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

7.5 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

JSON

LIVE555 is a set of open source C libraries for multimedia streaming.An invalid memory access vulnerability exists in the parseAuthorizationHeader function in versions of LIVE555 prior to 2019.02.27. An attacker can exploit the vulnerability to cause a memory access error via a malformed header.

CPENameOperatorVersion
Live Networks LIVE555lt2019.02.27

CPE	Name	Operator	Version
	Live Networks LIVE555	lt	2019.02.27

9.8 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

7.5 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

JSON

Related for CNVD-2021-93847