Lucene search

[email protected]CVE-2007-6036

HistoryNov 20, 2007 - 11:46 a.m.

CVE-2007-6036

2007-11-2011:46:00

CWE-20

[email protected]

web.nvd.nist.gov

cve-2007-6036

live555 media server

denial of service

rtsp

remote attackers

7.1 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

COMPLETE

AV:N/AC:M/Au:N/C:N/I:N/A:C

6.3 Medium

AI Score

Confidence

Low

0.074 Low

EPSS

Percentile

94.1%

JSON

The parseRTSPRequestString function in LIVE555 Media Server 2007.11.01 and earlier allows remote attackers to cause a denial of service (daemon crash) via a short RTSP query, which causes a negative number to be used during memory allocation.

Affected configurations

NVD

Node

live555media_serverRange≤2007.11.01

CPENameOperatorVersion
live555:media_serverlive555 media serverle2007.11.01

CPE	Name	Operator	Version
live555:media_server	live555 media server	le	2007.11.01

References

aluigi.altervista.org/adv/live555x-adv.txt

secunia.com/advisories/27711

secunia.com/advisories/29356

security.gentoo.org/glsa/glsa-200803-22.xml

www.live555.com/liveMedia/public/changelog.txt

www.securityfocus.com/archive/1/483910/100/0/threaded

www.securityfocus.com/bid/26488

www.vupen.com/english/advisories/2007/3939

exchange.xforce.ibmcloud.com/vulnerabilities/38542

7.1 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

COMPLETE

AV:N/AC:M/Au:N/C:N/I:N/A:C

6.3 Medium

AI Score

Confidence

Low

0.074 Low

EPSS

Percentile

94.1%

JSON

Related for CVE-2007-6036

nessus2 securityvulns1 freebsd1 gentoo1 openvas4 cvelist1 prion1 nvd1