Vulnerability CVE-2013-6933


Published: 2014-01-23   Modified: 2014-01-24

Description:
The parseRTSPRequestString function in Live Networks Live555 Streaming Media 2011.08.13 through 2013.11.25, as used in VideoLAN VLC Media Player, allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a (1) space or (2) tab character at the beginning of an RTSP message, which triggers an integer underflow, infinite loop, and buffer overflow.

Type:

CWE-189

(Numeric Errors)

Vendor: Live555
Product: Streaming media 
Version:
2013.11.25
2013.11.15
2013.11.14
2013.11.10
2013.11.06
2013.10.25
2013.10.24
2013.10.22
2013.10.18
2013.10.16
2013.10.11
2013.10.09
2013.10.08
2013.10.07
2013.10.03
2013.10.02
2013.10.01
2013.09.30
2013.09.27
2013.09.18
2013.09.11
2013.09.08
2013.09.07
2013.08.31
2013.08.28
2013.08.16
2013.08.15
2013.08.05
2013.07.31
2013.07.30
2013.07.16
2013.07.03
2013.06.30
2013.06.18
2013.06.14
2013.06.06
2013.05.30
2013.04.30
2013.04.29
2013.04.23
2013.04.22
2013.04.21
2013.04.16
2013.04.08
2013.04.06
2013.04.05
2013.04.04
2013.04.01
2013.03.31
2013.03.23
2013.03.07
2013.02.27
2013.02.11
2013.02.05
2013.01.25
2013.01.23
2013.01.22
2013.01.21
2013.01.19
2013.01.18
2013.01.15
2013.01.05
2013.01.04
2013.01.03
2012.12.24
2012.12.23
2012.12.22
2012.12.21
2012.12.18
2012.12.15
2012.11.30
2012.11.29
2012.11.28
2012.11.22
2012.11.17
2012.11.16
2012.11.08
2012.11.05
2012.10.24
2012.10.22
2012.10.21
2012.10.18
2012.10.17
2012.10.16
2012.10.12
2012.10.11
2012.10.04
2012.10.01
2012.09.27
2012.09.13
2012.09.12
2012.09.11
2012.09.07
2012.09.06
2012.08.31
2012.08.30
2012.08.29
2012.08.28
2012.08.20
2012.08.17
See more versions on NVD

CVSS2 => (AV:N/AC:L/Au:N/C:P/I:P/A:P)

CVSS Base Score
Impact Subscore
Exploitability Subscore
7.5/10
6.4/10
10/10
Exploit range
Attack complexity
Authentication
Remote
Low
No required
Confidentiality impact
Integrity impact
Availability impact
Partial
Partial
Partial

 References:
http://www.live555.com/liveMedia/public/changelog.txt
http://isecpartners.github.io/fuzzing/vulnerabilities/2013/12/30/vlc-vulnerability.html

Related CVE
CVE-2019-9215
In Live555 before 2019.02.27, malformed headers lead to invalid memory access in the parseAuthorizationHeader function.
CVE-2019-7733
In Live555 0.95, there is a buffer overflow via a large integer in a Content-Length HTTP header because handleRequestBytes has an unrestricted memmove.
CVE-2019-7732
In Live555 0.95, a setup packet can cause a memory leak leading to DoS because, when there are multiple instances of a single field (username, realm, nonce, uri, or response), only the last instance can ever be freed.
CVE-2019-7314
liblivemedia in Live555 before 2019.02.03 mishandles the termination of an RTSP stream after RTP/RTCP-over-RTSP has been set up, which could lead to a Use-After-Free error that causes the RTSP server to crash (Segmentation fault) or possibly have uns...
CVE-2019-6256
A Denial of Service issue was discovered in the LIVE555 Streaming Media libraries as used in Live555 Media Server 0.93. It can cause an RTSPServer crash in handleHTTPCmd_TunnelingPOST, when RTSP-over-HTTP tunneling is supported, via x-sessioncookie H...
CVE-2018-4013
An exploitable code execution vulnerability exists in the HTTP packet-parsing functionality of the LIVE555 RTSP server library version 0.92. A specially crafted packet can cause a stack-based buffer overflow, resulting in code execution. An attacker ...
CVE-2013-6934
The parseRTSPRequestString function in Live Networks Live555 Streaming Media 2013.11.26, as used in VideoLAN VLC Media Player, allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a space character at t...
CVE-2007-6036
The parseRTSPRequestString function in LIVE555 Media Server 2007.11.01 and earlier allows remote attackers to cause a denial of service (daemon crash) via a short RTSP query, which causes a negative number to be used during memory allocation.

Copyright 2019, cxsecurity.com

 

Back to Top