10

CVE-2018-4013

Exploit
An exploitable code execution vulnerability exists in the HTTP packet-parsing functionality of the LIVE555 RTSP server library version 0.92. A specially crafted packet can cause a stack-based buffer overflow, resulting in code execution. An attacker can send a packet to trigger this vulnerability.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
Live555Live555 Media Server Version0.92
DebianDebian Linux Version8.0
DebianDebian Linux Version9.0
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 9.49% 0.948
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 9.8 3.9 5.9
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
nvd@nist.gov 7.5 10 6.4
AV:N/AC:L/Au:N/C:P/I:P/A:P
talos-cna@cisco.com 10 3.9 6
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H
CWE-787 Out-of-bounds Write

The product writes data past the end, or before the beginning, of the intended buffer.

http://lists.live555.com/pipermail/live-devel/2018-October/021071.html
Third Party Advisory
Mailing List
https://lists.debian.org/debian-lts-announce/2018/11/msg00020.html
Third Party Advisory
Mailing List
https://security.gentoo.org/glsa/202005-06
Third Party Advisory
https://talosintelligence.com/vulnerability_reports/TALOS-2018-0684
Third Party Advisory
Exploit
https://www.debian.org/security/2018/dsa-4343
Third Party Advisory