Vulnerability Description
An exploitable code execution vulnerability exists in the HTTP packet-parsing functionality of the LIVE555 RTSP server library version 0.92. A specially crafted packet can cause a stack-based buffer overflow, resulting in code execution. An attacker can send a packet to trigger this vulnerability.
CVSS Score
CRITICAL
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Live555 | Live555 Media Server | 0.92 |
| Debian | Debian Linux | 8.0 |
Related Weaknesses (CWE)
References
- http://lists.live555.com/pipermail/live-devel/2018-October/021071.htmlMailing ListThird Party Advisory
- https://lists.debian.org/debian-lts-announce/2018/11/msg00020.htmlMailing ListThird Party Advisory
- https://security.gentoo.org/glsa/202005-06Third Party Advisory
- https://talosintelligence.com/vulnerability_reports/TALOS-2018-0684ExploitThird Party Advisory
- https://www.debian.org/security/2018/dsa-4343Third Party Advisory
- http://lists.live555.com/pipermail/live-devel/2018-October/021071.htmlMailing ListThird Party Advisory
- https://lists.debian.org/debian-lts-announce/2018/11/msg00020.htmlMailing ListThird Party Advisory
- https://security.gentoo.org/glsa/202005-06Third Party Advisory
- https://talosintelligence.com/vulnerability_reports/TALOS-2018-0684ExploitThird Party Advisory
- https://www.debian.org/security/2018/dsa-4343Third Party Advisory
FAQ
What is CVE-2018-4013?
CVE-2018-4013 is a vulnerability with a CVSS score of 9.8 (CRITICAL). An exploitable code execution vulnerability exists in the HTTP packet-parsing functionality of the LIVE555 RTSP server library version 0.92. A specially crafted packet can cause a stack-based buffer o...
How severe is CVE-2018-4013?
CVE-2018-4013 has been rated CRITICAL with a CVSS base score of 9.8/10. This is considered a critical vulnerability requiring immediate attention.
Is there a patch for CVE-2018-4013?
Check the references section above for vendor advisories and patch information. Affected products include: Live555 Live555 Media Server, Debian Debian Linux.