CVE-2019-9928
CVSS2
Attack Vector
NETWORK
Attack Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:M/Au:N/C:P/I:P/A:P
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
REQUIRED
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
AI Score
Confidence
High
EPSS
Percentile
91.6%
GStreamer before 1.16.0 has a heap-based buffer overflow in the RTSP connection parser via a crafted response from a server, potentially allowing remote code execution.
Affected configurations
| Vendor | Product | Version | CPE |
|---|---|---|---|
| gstreamer_project | gstreamer | * | cpe:2.3:a:gstreamer_project:gstreamer:*:*:*:*:*:*:*:* |
| debian | debian_linux | 8.0 | cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:* |
| debian | debian_linux | 9.0 | cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:* |
| canonical | ubuntu_linux | 16.04 | cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:lts:*:*:* |
| canonical | ubuntu_linux | 18.04 | cpe:2.3:o:canonical:ubuntu_linux:18.04:*:*:*:lts:*:*:* |
| canonical | ubuntu_linux | 18.10 | cpe:2.3:o:canonical:ubuntu_linux:18.10:*:*:*:*:*:*:* |
References
lists.opensuse.org/opensuse-security-announce/2019-06/msg00078.html
lists.opensuse.org/opensuse-security-announce/2019-06/msg00082.html
lists.opensuse.org/opensuse-security-announce/2020-05/msg00049.html
gstreamer.freedesktop.org/security/
gstreamer.freedesktop.org/security/sa-2019-0001.html
lists.debian.org/debian-lts-announce/2019/04/msg00030.html
lists.debian.org/debian-lts-announce/2019/04/msg00031.html
seclists.org/bugtraq/2019/Apr/39
security.gentoo.org/glsa/202003-33
usn.ubuntu.com/3958-1/
www.debian.org/security/2019/dsa-4437
Related
CVSS2
Attack Vector
NETWORK
Attack Complexity
MEDIUM
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
PARTIAL
Availability Impact
PARTIAL
AV:N/AC:M/Au:N/C:P/I:P/A:P
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
REQUIRED
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
HIGH
Availability Impact
HIGH
CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
AI Score
Confidence
High
EPSS
Percentile
91.6%