Risk | Medium |
Patch available | NO |
Number of vulnerabilities | 2 |
CVE-ID | CVE-2019-7732, CVE-2019-7733 |
CWE-ID | CWE-401, CWE-120 |
Exploitation vector | Network |
Public exploit | Public exploit code for vulnerability #1 is available. Public exploit code for vulnerability #2 is available. |
Vulnerable software | LIVE555 Media Server (Universal components / Libraries / Libraries used by multiple products) |
Vendor | Live Networks |
Security Bulletin
This security bulletin contains information about 2 vulnerabilities.
EUVDB-ID: #VU17664
Risk: Medium
CVSSv3.1: 8.1 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H/E:P/RL:U/RC:C]
CVE-ID: CVE-2019-7732
CWE-ID: CWE-401 - Missing release of memory after effective lifetime
Exploit availability: No
Description: The vulnerability allows a remote attacker to perform a DoS attack on the target system.
The vulnerability exists due to a memory leak when multiple instances of a single field exist within a setup packet. A remote attacker can send a malicious setup packet and perform a denial of service attack.
Mitigation: Cybersecurity Help is currently unaware of any official solution to address the vulnerability.
Vulnerable software versions: LIVE555 Media Server: 0.95
External links: http://github.com/rgaufman/live555/issues/20
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware that exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability. However, a proof of concept for this vulnerability is available.
EUVDB-ID: #VU17665
Risk: Medium
CVSSv3.1: 8.1 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H/E:P/RL:U/RC:C]
CVE-ID: CVE-2019-7733
CWE-ID: CWE-120 - Buffer overflow
Exploit availability: No
Description: The vulnerability allows a remote attacker to perform a DoS attack on the target system.
The vulnerability exists due to a buffer overflow condition in the handleRequestBytes function. A remote attacker can send a malicious HTTP packet and perform a denial of service attack.
Mitigation: Cybersecurity Help is currently unaware of any official solution to address the vulnerability.
Vulnerable software versions: LIVE555 Media Server: 0.95
External links: http://github.com/rgaufman/live555/issues/21
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware that exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability. However, a proof of concept for this vulnerability is available.