Vulnerability Description
An exploitable denial-of-service vulnerability exists in the GstRTSPAuth functionality of GStreamer/gst-rtsp-server 1.14.5. A specially crafted RTSP setup request can cause a null pointer dereference, resulting in denial of service. An attacker can send a malicious packet to trigger this vulnerability.
CVSS Score
7.5 (HIGH)
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Gstreamer Project | Gst-Rtsp-Server | 1.14.5 |
| Opensuse | Backports Sle | 15.0 |
| Opensuse | Leap | 15.1 |
Related Weaknesses (CWE)
References
- http://lists.opensuse.org/opensuse-security-announce/2020-04/msg00029.html (Mailing List, Third Party Advisory)
- https://gitlab.freedesktop.org/gstreamer/gst-rtsp-server/-/commit/44ccca3086dd81 (Patch, Third Party Advisory)
- https://security.gentoo.org/glsa/202009-05 (Third Party Advisory)
- https://www.talosintelligence.com/vulnerability_reports/TALOS-2020-1018 (Exploit, Third Party Advisory)
FAQ
What is CVE-2020-6095?
CVE-2020-6095 is a vulnerability with a CVSS score of 7.5 (HIGH). An exploitable denial-of-service vulnerability exists in the GstRTSPAuth functionality of GStreamer/gst-rtsp-server 1.14.5. A specially crafted RTSP setup request can cause a null pointer dereference re...
How severe is CVE-2020-6095?
CVE-2020-6095 has been rated HIGH with a CVSS base score of 7.5/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2020-6095?
Check the references section above for vendor advisories and patch information. Affected products include: Gstreamer Project Gst-Rtsp-Server, Opensuse Backports Sle, Opensuse Leap.