mirror of
https://gitlab.freedesktop.org/gstreamer/gstreamer.git
synced 2024-12-18 14:26:43 +00:00
1.5 KiB
1.5 KiB
Security Advisory 2024-0004 (CVE-2024-44331)
Summary | RTSP server: Potential Denial-of-Service (DoS) with specially crafted client requests |
Date | 2024-10-29 18:00 |
Affected Versions | GStreamer gst-rtsp-server >= 1.18.0, < 1.24.9 |
IDs | GStreamer-SA-2024-0004 CVE-2024-44331 |
Details
A series of specially crafted client requests during streaming setup (post client authentication, if any) can cause the RTSP server library to abort, if it has been compiled with assertions enabled.
Impact
It is possible for a malicious RTSP client to potentially trigger a crash/abort of the RTSP server application, if it has been compiled with assertions enabled. There is no risk of code execution or memory manipulation.
Solution
The gst-rtsp-server 1.24.9 releases (and git main branch) addresses the issue. People using older branches of GStreamer should apply the patch and recompile.