Live Networks LIVE555 Media Server handleRequestBytes Buffer Overflow Vulnerability
In Live555 0.95, there is a buffer overflow via a large integer in a Content-Length HTTP header because handleRequestBytes has an unrestricted memmove.
A vulnerability in the LIVE555 Media Server could allow an unauthenticated, remote attacker to cause a denial of service (DoS) condition on a targeted system. The vulnerability is due to a buffer overflow condition in the handleRequestBytes function of the affected software. An attacker could exploit the vulnerability by sending a malicious HTTP packet to a targeted system. A successful exploit could cause the targeted system to crash, resulting in a DoS condition. Proof-of-concept (PoC) code that demonstrates an exploit of this vulnerability is publicly available. Live Networks has confirmed the vulnerability; however, software updates are not available.