20 matches found
EUVD-2013-6735
Malware in sbrugna...
Denial Of Service (DoS)
openzeppelincairocontracts is vulnerable to denial of service. The vulnerability exists because the account signature implementation is not properly handled which renders unusable account contracts in live networks causing an application crash...
Design/Logic Flaw
OpenZeppelin Contracts for Cairo is a library for contract development written in Cairo for StarkNet, a decentralized ZK Rollup. Version 0.2.0 is vulnerable to an error that renders account contracts unusable on live networks. This issue affects all accounts vanilla and ethereum flavors in the...
PYSEC-2022-43143
OpenZeppelin Contracts for Cairo is a library for contract development written in Cairo for StarkNet, a decentralized ZK Rollup. Version 0.2.0 is vulnerable to an error that renders account contracts unusable on live networks. This issue affects all accounts vanilla and ethereum flavors in the...
CVE-2022-31153 OpenZeppelin Contracts for Cairo account cannot process transactions on Goerli
OpenZeppelin Contracts for Cairo is a library for contract development written in Cairo for StarkNet, a decentralized ZK Rollup. Version 0.2.0 is vulnerable to an error that renders account contracts unusable on live networks. This issue affects all accounts vanilla and ethereum flavors in the...
CVE-2020-24027
In Live Networks, Inc., liblivemedia version 20200625, there is a potential buffer overflow bug in the server handling of a RTSP "PLAY" command, when the command specifies seeking by absolute time...
Buffer overflow
In Live Networks, Inc., liblivemedia version 20200625, there is a potential buffer overflow bug in the server handling of a RTSP "PLAY" command, when the command specifies seeking by absolute time...
CVE-2020-24027
CVE-2020-24027 concerns a potential buffer overflow in Live Networks, Inc.’s liblivemedia (version 20200625) when handling an RTSP “PLAY” command that specifies seeking by absolute time. The connected sources confirm the affected component and the root cause is a buffer overflow in the RTSP serve...
CVE-2020-24027
Removed by vendor...
CVE-2020-24027
In Live Networks, Inc., liblivemedia version 20200625, there is a potential buffer overflow bug in the server handling of a RTSP "PLAY" command, when the command specifies seeking by absolute time...
Critical RCE Bug Impacts Streaming Server Libraries: VLC, MPLayer Not Impacted
A critical remote code-execution bug has been found in the popular Live Networks LIVE555’s streaming media RTSPServer. The vulnerability could allow an attacker to send a specially crafted packet to vulnerable systems and trigger a stack-based buffer overflow, according to researchers at Cisco...
Critical Code Execution Flaw Found in LIVE555 Streaming Library
Security researchers have discovered a serious code execution vulnerability in the LIVE555 streaming media library—which is being used by popular media players, along with a number of embedded devices capable of streaming media. LIVE555 streaming media, developed and maintained by Live Networks, ...
Vulnerability Spotlight: Live Networks LIVE555 streaming media RTSPServer code execution vulnerability
These vulnerabilities were discovered by Lilith Wyatt of Cisco Talos. Cisco Talos is disclosing a code execution vulnerability that has been identified in Live Networks LIVE555 streaming media RTSPServer. LIVE555 Streaming Media is a set of open-source C++ libraries developed by Live Networks Inc...
Live Networks LIVE555 streaming media RTSPServer lookForHeader code execution vulnerability
Summary An exploitable code execution vulnerability exists in the HTTP packet-parsing functionality of the LIVE555 RTSP server library. A specially crafted packet can cause a stack-based buffer overflow, resulting in code execution. An attacker can send a packet to trigger this vulnerability...
VLC 2.x < 2.1.2 parseRTSPRequestString Function RTSP Command Parsing Overflow
The version of VLC media player installed on the remote host is earlier than 2.1.2. As such, it reportedly includes a version of Live Networks' Live555 Streaming Media library earlier than 2013.11.29. A buffer overflow vulnerability in the 'parseRTSPRequestString' function in that library exists...
CVE-2013-6933
The parseRTSPRequestString function in Live Networks Live555 Streaming Media 2011.08.13 through 2013.11.25, as used in VideoLAN VLC Media Player, allows remote attackers to cause a denial of service crash and possibly execute arbitrary code via a 1 space or 2 tab character at the beginning of an...
Integer overflow
The parseRTSPRequestString function in Live Networks Live555 Streaming Media 2011.08.13 through 2013.11.25, as used in VideoLAN VLC Media Player, allows remote attackers to cause a denial of service crash and possibly execute arbitrary code via a 1 space or 2 tab character at the beginning of an...
CVE-2013-6934
CVE-2013-6934 affects VLC Media Player via the Live555 liblivemedia RTSP implementation. The issue arises in parseRTSPRequestString: a space at the beginning of an RTSP message can trigger an integer underflow, an infinite loop, and a buffer overflow, potentially crashing the application or enabl...
CVE-2013-6933
CVE-2013-6933 affects the Live555 Streaming Media library (used by VideoLAN VLC) where RTSP messages starting with whitespace [single space or tab] trigger an integer underflow, an infinite loop, and a buffer overflow in parseRTSPRequestString. This can lead to a crash or arbitrary code execution...
LIVE555媒体服务器ParseRTSPRequestString远程拒绝服务漏洞
BUGTRAQ ID: 26488 LIVE555 Media Server是一款RTSP服务器程序,可提供各种媒体文件流服务。 LIVE555媒体服务器在处理畸形的请求数据时存在漏洞,远程攻击者可能利用此漏洞导致服务器不可用。 LIVE555媒体服务器的parseRTSPRequestString函数没有检查客户端数据的数量(reqStrSize)是否大于或等于8字节。因为该函数使用了无符数字,因此7 - 8不是-1而是4294967295,这就导致到达了分配内存的末尾而出现崩溃。以下是liveMedia/RTSPCommon文件中有漏洞的代码: Boolean...