mirror of https://gitlab.freedesktop.org/gstreamer/gstreamer.git synced 2024-11-21 17:21:13 +00:00

Tim-Philipp Müller 2947150de3 security-advisories: sync with www module

Part-of: <https://gitlab.freedesktop.org/gstreamer/gstreamer/-/merge_requests/7865>

2024-11-11 17:11:31 +00:00

1.5 KiB

Raw Permalink Blame History

Security Advisory 2024-0004 (CVE-2024-44331)


Summary	RTSP server: Potential Denial-of-Service (DoS) with specially crafted client requests
Date	2024-10-29 18:00
Affected Versions	GStreamer gst-rtsp-server >= 1.18.0, < 1.24.9
IDs	GStreamer-SA-2024-0004 CVE-2024-44331

Details

A series of specially crafted client requests during streaming setup (post client authentication, if any) can cause the RTSP server library to abort, if it has been compiled with assertions enabled.

Impact

It is possible for a malicious RTSP client to potentially trigger a crash/abort of the RTSP server application, if it has been compiled with assertions enabled. There is no risk of code execution or memory manipulation.

Solution

The gst-rtsp-server 1.24.9 releases (and git main branch) addresses the issue. People using older branches of GStreamer should apply the patch and recompile.

1.5 KiB

Raw Permalink Blame History

Security Advisory 2024-0004 (CVE-2024-44331)

Details

Impact

Solution

References

The GStreamer project

CVE Database Entries

GStreamer releases

1.24 (current stable)

Patches

1.5 KiB Raw Permalink Blame History

Security Advisory 2024-0004 (CVE-2024-44331)

Details

Impact

Solution

References

The GStreamer project

CVE Database Entries

GStreamer releases

1.24 (current stable)

Patches

1.5 KiB

Raw Permalink Blame History