ZLMediaKit 缓冲区错误漏洞

ZLMediaKit is an open-source advanced streaming service framework based on C++ 11, developed by ZLMediaKit in China. ZLMediaKit has a buffer error vulnerability, which stems from the lack of buffer boundary validation in the VP9 RTP parser, potentially leading to a heap buffer overflow...

PT-2026-30725

ZLMediaKit is a streaming media service framework. the VP9 RTP payload parser in ext-codec/VP9Rtp.cpp reads multiple fields from the RTP payload based on flag bits in the first byte, without verifying that sufficient data exists in the buffer. A crafted VP9 RTP packet with a 1-byte payload 0xFF,...

CVE-2024-27488

Incorrect Access Control vulnerability in ZLMediaKit versions 1.0 through 8.0, allows remote attackers to escalate privileges and obtain sensitive information. The application system enables the http API interface by default and uses the secret parameter method to authenticate the http restful ap...

CVE-2024-27488

Incorrect Access Control vulnerability in ZLMediaKit versions 1.0 through 8.0, allows remote attackers to escalate privileges and obtain sensitive information. The application system enables the http API interface by default and uses the secret parameter method to authenticate the http restful ap...

CVE-2024-27488

Incorrect Access Control vulnerability in ZLMediaKit versions 1.0 through 8.0, allows remote attackers to escalate privileges and obtain sensitive information. The application system enables the http API interface by default and uses the secret parameter method to authenticate the http restful ap...

CVE-2024-27488

ZLMediaKit versions 1.0–8.0 are affected by an Incorrect Access Control vulnerability that enables remote attackers to escalate privileges and obtain sensitive information. The issue stems from the application enabling the HTTP API interface by default and using a secret parameter for authenticat...

CVE-2024-27488

Incorrect Access Control vulnerability in ZLMediaKit versions 1.0 through 8.0, allows remote attackers to escalate privileges and obtain sensitive information. The application system enables the http API interface by default and uses the secret parameter method to authenticate the http restful ap...

PT-2024-21918 · Unknown · Zlmediakit

Name of the Vulnerable Software and Affected Versions: ZLMediaKit versions 1.0 through 8.0 Description: The issue allows remote attackers to escalate privileges and obtain sensitive information due to an Incorrect Access Control vulnerability. The application system enables the http API interface...

CVE-2023-39067

Cross Site Scripting vulnerability in ZLMediaKiet v.4.0 and v.5.0 allows an attacker to execute arbitrary code via a crafted script to the URL...

CVE-2023-31861

ZLMediaKit 4.0 is vulnerable to Directory Traversal...

CVE-2023-31861

ZLMediaKit 4.0 is vulnerable to Directory Traversal...

CVE-2023-31861

CVE-2023-31861 affects ZLMediaKit 4.0 and is a Directory Traversal vulnerability. The root cause is a path traversal flaw in ZLMediaKit 4.0, exposing potential confidentiality impact (CVE metrics show HIGH). Exploitation details are not provided in the documents. There is no publicly documented r...

CVE-2023-31861

ZLMediaKit 4.0 is vulnerable to Directory Traversal...

CVE-2022-37237

An attacker can send malicious RTMP requests to make the ZLMediaKit server crash remotely. Affected version is below commit 7d8b212a3c3368bc2f6507cb74664fc419eb9327...

Code injection

An attacker can send malicious RTMP requests to make the ZLMediaKit server crash remotely. Affected version is below commit 7d8b212a3c3368bc2f6507cb74664fc419eb9327...

CVE-2022-37237

ZLMediaKit is affected by CVE-2022-37237. An attacker can send malicious RTMP requests to remotely crash the ZLMediaKit server. The vulnerability affects versions below commit 7d8b212a3c3368bc2f6507cb74664fc419eb9327. Root cause details are not explicitly provided in the documents beyond the cras...