Vulmon Recent Vulnerabilities Research Posts Trends Blog About Contact
670
VMScore

CVE-2019-7314

Published: 04/02/2019 Updated: 07/07/2020
CVSS v2 Base Score: 7.5 | Impact Score: 6.4 | Exploitability Score: 10
CVSS v3 Base Score: 9.8 | Impact Score: 5.9 | Exploitability Score: 3.9
VMScore: 670
Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P
Subscribe to Streaming Media

Vulnerability Summary

liblivemedia in Live555 prior to 2019.02.03 mishandles the termination of an RTSP stream after RTP/RTCP-over-RTSP has been set up, which could lead to a Use-After-Free error that causes the RTSP server to crash (Segmentation fault) or possibly have unspecified other impact.

Vulnerability Trend

Vulnerable Product Search on Vulmon Subscribe to Product

live555 streaming media

debian debian linux 8.0

Vendor Advisories

Debian CVElist Bug Report Logs: liblivemedia: CVE-2019-7314: mishandling of RTSP stream termination causes use-after-free and crash
Debian Bug report logs - #924656 liblivemedia: CVE-2019-7314: mishandling of RTSP stream termination causes use-after-free and crash Package: src:liblivemedia; Maintainer for src:liblivemedia is Debian Multimedia Maintainers <debian-multimedia@listsdebianorg>; Reported by: Hugo Lefeuvre <hle@debianorg> Date: Fri, 1 ...
Debian Security Advisories: DSA-4408-1 liblivemedia -- security update
Multiple security issues were discovered in liveMedia, a set of C++ libraries for multimedia streaming which could result in the execution of arbitrary code or denial of service when parsing a malformed RTSP stream For the stable distribution (stretch), these problems have been fixed in version 20161128-1+deb9u2 We recommend that you upgrade yo ...
Arch Linux Issues:
liblivemedia in Live555 before 20190203 mishandles the termination of an RTSP stream after RTP/RTCP-over-RTSP has been set up, which could lead to a Use-After-Free error that causes the RTSP server to crash (Segmentation fault) or possibly have unspecified other impact ...

Github Repositories

https://github.com/aflnet/aflnet

AFLNet: A Greybox Fuzzer for Network Protocols (https://thuanpv.github.io/publications/AFLNet_ICST20.pdf)

AFLNet: A Greybox Fuzzer for Network Protocols AFLNet is a greybox fuzzer for protocol implementations Unlike existing protocol fuzzers, it takes a mutational approach and uses state-feedback, in addition to code-coverage feedback, to guide the fuzzing process AFLNet is seeded with a corpus of recorded message exchanges between the server and an actual client No protocol spe

https://github.com/AxiaoJJ/AFLnet-MAB

AFLNet: A Greybox Fuzzer for Network Protocols AFLNet is a greybox fuzzer for protocol implementations Unlike existing protocol fuzzers, it takes a mutational approach and uses state-feedback, in addition to code-coverage feedback, to guide the fuzzing process AFLNet is seeded with a corpus of recorded message exchanges between the server and an actual client No protocol spe

https://github.com/GoenitzYs/aflnet

forked from https://github.com/aflnet/aflnet.git

AFLNet: A Greybox Fuzzer for Network Protocols AFLNet is a greybox fuzzer for protocol implementations Unlike existing protocol fuzzers, it takes a mutational approach and uses state-feedback, in addition to code-coverage feedback, to guide the fuzzing process AFLNet is seeded with a corpus of recorded message exchanges between the server and an actual client No protocol spe

https://github.com/Arbusz/aflnet

111

AFLNet: A Greybox Fuzzer for Network Protocols AFLNet is a greybox fuzzer for protocol implementations Unlike existing protocol fuzzers, it takes a mutational approach and uses state-feedback, in addition to code-coverage feedback, to guide the fuzzing process AFLNet is seeded with a corpus of recorded message exchanges between the server and an actual client No protocol spe

https://github.com/marshalanthony/aflnet

Creating AFLNet Repository

AFLNet: A Greybox Fuzzer for Network Protocols AFLNet is a greybox fuzzer for protocol implementations Unlike existing protocol fuzzers, it takes a mutational approach and uses state-feedback, in addition to code-coverage feedback, to guide the fuzzing process AFLNet is seeded with a corpus of recorded message exchanges between the server and an actual client No protocol spe

https://github.com/dnagarju/Aflnet

AFLNet: A Greybox Fuzzer for Network Protocols AFLNet is a greybox fuzzer for protocol implementations Unlike existing protocol fuzzers, it takes a mutational approach and uses state-feedback, in addition to code-coverage feedback, to guide the fuzzing process AFLNet is seeded with a corpus of recorded message exchanges between the server and an actual client No protocol spe

https://github.com/Speciale-Projekt/legening

AFLNet: A Greybox Fuzzer for Network Protocols AFLNet is a greybox fuzzer for protocol implementations Unlike existing protocol fuzzers, it takes a mutational approach and uses state-feedback, in addition to code-coverage feedback, to guide the fuzzing process AFLNet is seeded with a corpus of recorded message exchanges between the server and an actual client No protocol spe

https://github.com/LeeHun9/AFLNeTrans

My paper tool

AFLNet: A Greybox Fuzzer for Network Protocols AFLNet is a greybox fuzzer for protocol implementations Unlike existing protocol fuzzers, it takes a mutational approach and uses state-feedback, in addition to code-coverage feedback, to guide the fuzzing process AFLNet is seeded with a corpus of recorded message exchanges between the server and an actual client No protocol spe

https://github.com/cozy131/aflnet

aflnet for aflgo-snap

AFLNet: A Greybox Fuzzer for Network Protocols AFLNet is a greybox fuzzer for protocol implementations Unlike existing protocol fuzzers, it takes a mutational approach and uses state-feedback, in addition to code-coverage feedback, to guide the fuzzing process AFLNet is seeded with a corpus of recorded message exchanges between the server and an actual client No protocol spe

https://github.com/HemaKaz/aflnet

aflnet

AFLNet: A Greybox Fuzzer for Network Protocols AFLNet is a greybox fuzzer for protocol implementations Unlike existing protocol fuzzers, it takes a mutational approach and uses state-feedback, in addition to code-coverage feedback, to guide the fuzzing process AFLNet is seeded with a corpus of recorded message exchanges between the server and an actual client No protocol spe

https://github.com/xinguohua/AFLNetStatusNeu

AFLNet: A Greybox Fuzzer for Network Protocols AFLNet is a greybox fuzzer for protocol implementations Unlike existing protocol fuzzers, it takes a mutational approach and uses state-feedback, in addition to code-coverage feedback, to guide the fuzzing process AFLNet is seeded with a corpus of recorded message exchanges between the server and an actual client No protocol spe

References

CWE-416http://www.live555.com/liveMedia/public/changelog.txthttp://lists.live555.com/pipermail/live-devel/2019-February/021143.htmlhttps://lists.debian.org/debian-lts-announce/2019/02/msg00037.htmlhttps://www.debian.org/security/2019/dsa-4408https://seclists.org/bugtraq/2019/Mar/22http://lists.opensuse.org/opensuse-security-announce/2019-07/msg00044.htmlhttp://lists.opensuse.org/opensuse-security-announce/2019-08/msg00024.htmlhttps://security.gentoo.org/glsa/202005-06http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00009.htmlhttps://bugs.debian.org/cgi-bin/bugreport.cgi?bug=924656https://nvd.nist.govhttps://github.com/aflnet/aflnethttps://www.debian.org/security/2019/dsa-4408
VMScore
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2023-3675CVE-2024-3400CVE-2024-23557mass assignmentCVE-2023-1389local file inclusionCVE-2024-32596file uploadCVE-2024-32593
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started

Vulmon Search

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

About

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Products

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Connect

Twitter Reddit Linkedin Facebook