Vulmon Recent Vulnerabilities Research Posts Trends Blog About Contact
7.5
CVSSv2

CVE-2018-4013

Published: 19/10/2018 Updated: 07/06/2022
CVSS v2 Base Score: 7.5 | Impact Score: 6.4 | Exploitability Score: 10
CVSS v3 Base Score: 9.8 | Impact Score: 5.9 | Exploitability Score: 3.9
VMScore: 668
Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P
Subscribe to Live555

Vulnerability Summary

An exploitable code execution vulnerability exists in the HTTP packet-parsing functionality of the LIVE555 RTSP server library version 0.92. A specially crafted packet can cause a stack-based buffer overflow, resulting in code execution. An attacker can send a packet to trigger this vulnerability.

Vulnerability Trend

Vulnerable Product Search on Vulmon Subscribe to Product

live555 live555 media server 0.92

debian debian linux 8.0

debian debian linux 9.0

Vendor Advisories

Debian Security Advisories: DSA-4343-1 liblivemedia -- security update
It was discovered that a buffer overflow in liveMedia, a set of C++ libraries for multimedia streaming could result in the execution of arbitrary code when parsing a malformed RTSP stream For the stable distribution (stretch), this problem has been fixed in version 20161128-1+deb9u1 We recommend that you upgrade your liblivemedia packages For ...

Github Repositories

https://github.com/r3dxpl0it/RTSPServer-Code-Execution-Vulnerability

RTSPServer Code Execution Vulnerability CVE-2018-4013

Live Networks LIVE555 streaming media RTSPServer lookForHeader code execution vulnerability CVE-2018-4013 Summary An exploitable code execution vulnerability exists in the HTTP packet-parsing functionality of the LIVE555 RTSP server library A specially crafted packet can cause a stack-based buffer overflow, resulting in code execution An attacker can send a packet to trigger

https://github.com/invictus1306/functrace

A function tracer

functrace - A function tracer functrace is a tool that helps to analyze a binary file with dynamic instrumentation using DynamoRIO (dynamorioorg/) These are some implemented features (based on DynamoRIO): disassemble all the executed code disassemble a specific function (dump if these are addresses) get arguments of a specific function (dump if these are addresses)

https://github.com/DoubleMice/cve-2018-0684

TALOS-2018-0684/cve-2018-4013 poc

cve-2018-4013 cve-2018-4013 poc 简要复现 reference TALOS-2018-0684 || Cisco Talos Intelligence Group - Comprehensive Threat Intelligence TODO : exploit

https://github.com/DoubleMice/cve-2018-4013

TALOS-2018-0684/cve-2018-4013 poc

cve-2018-4013 cve-2018-4013 poc 简要复现 reference TALOS-2018-0684 || Cisco Talos Intelligence Group - Comprehensive Threat Intelligence TODO : exploit

References

CWE-787https://talosintelligence.com/vulnerability_reports/TALOS-2018-0684http://lists.live555.com/pipermail/live-devel/2018-October/021071.htmlhttps://lists.debian.org/debian-lts-announce/2018/11/msg00020.htmlhttps://www.debian.org/security/2018/dsa-4343https://security.gentoo.org/glsa/202005-06https://nvd.nist.govhttps://www.debian.org/security/./dsa-4343https://github.com/r3dxpl0it/RTSPServer-Code-Execution-Vulnerability
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2024-4040privilege escalationCVE-2024-4112CVE-2024-32872man-in-the-middleCVE-2024-32788bypassCVE-2024-3400CVE-2024-28976
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started

Vulmon Search

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

About

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Products

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Connect

Twitter Reddit Linkedin Facebook