CVE-2013-6933

The parseRTSPRequestString function in Live Networks Live555 Streaming Media 2011.08.13 through 2013.11.25, as used in VideoLAN VLC Media Player, allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a (1) space or (2) tab character at the beginning of an RTSP message, which triggers an integer underflow, infinite loop, and buffer overflow.

CVSS v2.0 7.5 HIGH

7.5^/10

CVSS v2.0 : HIGH

V2 Legend

Vector : AV:N/AC:L/Au:N/C:P/I:P/A:P

Exploitability : 10.0 / Impact : 6.4

Access Vector NETWORK

Access Complexity LOW

Authentication NONE

Confidentiality Impact PARTIAL

Integrity Impact PARTIAL

Availability Impact PARTIAL

References

Link	Resource
http://isecpartners.github.io/fuzzing/vulnerabilities/2013/12/30/vlc-vulnerability.html
http://www.live555.com/liveMedia/public/changelog.txt
http://isecpartners.github.io/fuzzing/vulnerabilities/2013/12/30/vlc-vulnerability.html
http://www.live555.com/liveMedia/public/changelog.txt

Configurations

Configuration 1 (hide)

OR	cpe:2.3:a:live555:streaming_media:2011-08-13:::::::*
	cpe:2.3:a:live555:streaming_media:2011-08-20:::::::*
	cpe:2.3:a:live555:streaming_media:2011-08-22:::::::*
	cpe:2.3:a:live555:streaming_media:2011-09-02:::::::*
	cpe:2.3:a:live555:streaming_media:2011-09-19:::::::*
	cpe:2.3:a:live555:streaming_media:2011-10-05:::::::*
	cpe:2.3:a:live555:streaming_media:2011-10-09:::::::*
	cpe:2.3:a:live555:streaming_media:2011-10-18:::::::*
	cpe:2.3:a:live555:streaming_media:2011-10-27:::::::*
	cpe:2.3:a:live555:streaming_media:2011-11-02:::::::*
	cpe:2.3:a:live555:streaming_media:2011-11-08:::::::*
	cpe:2.3:a:live555:streaming_media:2011-11-20:::::::*
	cpe:2.3:a:live555:streaming_media:2011-11-27:::::::*
	cpe:2.3:a:live555:streaming_media:2011-11-28:::::::*
	cpe:2.3:a:live555:streaming_media:2011-11-29:::::::*
	cpe:2.3:a:live555:streaming_media:2011-12-02:::::::*
	cpe:2.3:a:live555:streaming_media:2011-12-19:::::::*
	cpe:2.3:a:live555:streaming_media:2011-12-20:::::::*
	cpe:2.3:a:live555:streaming_media:2011-12-23:::::::*
	cpe:2.3:a:live555:streaming_media:2012-01-07:::::::*
	cpe:2.3:a:live555:streaming_media:2012-01-13:::::::*
	cpe:2.3:a:live555:streaming_media:2012-01-25:::::::*
	cpe:2.3:a:live555:streaming_media:2012-01-26:::::::*
	cpe:2.3:a:live555:streaming_media:2012-02-03:::::::*
	cpe:2.3:a:live555:streaming_media:2012-02-04:::::::*
	cpe:2.3:a:live555:streaming_media:2012-02-29:::::::*
	cpe:2.3:a:live555:streaming_media:2012-03-20:::::::*
	cpe:2.3:a:live555:streaming_media:2012-03-22:::::::*
	cpe:2.3:a:live555:streaming_media:2012-04-04:::::::*
	cpe:2.3:a:live555:streaming_media:2012-04-18:::::::*
	cpe:2.3:a:live555:streaming_media:2012-04-21:::::::*
	cpe:2.3:a:live555:streaming_media:2012-04-26:::::::*
	cpe:2.3:a:live555:streaming_media:2012-04-27:::::::*
	cpe:2.3:a:live555:streaming_media:2012-05-03:::::::*
	cpe:2.3:a:live555:streaming_media:2012-05-11:::::::*
	cpe:2.3:a:live555:streaming_media:2012-05-17:::::::*
	cpe:2.3:a:live555:streaming_media:2012-06-12:::::::*
	cpe:2.3:a:live555:streaming_media:2012-06-17:::::::*
	cpe:2.3:a:live555:streaming_media:2012-06-23:::::::*
	cpe:2.3:a:live555:streaming_media:2012-06-26:::::::*
	cpe:2.3:a:live555:streaming_media:2012-07-03:::::::*
	cpe:2.3:a:live555:streaming_media:2012-07-06:::::::*
	cpe:2.3:a:live555:streaming_media:2012-07-14:::::::*
	cpe:2.3:a:live555:streaming_media:2012-07-18:::::::*
	cpe:2.3:a:live555:streaming_media:2012-07-24:::::::*
	cpe:2.3:a:live555:streaming_media:2012-07-26:::::::*
	cpe:2.3:a:live555:streaming_media:2012-08-08:::::::*
	cpe:2.3:a:live555:streaming_media:2012-08-12:::::::*
	cpe:2.3:a:live555:streaming_media:2012-08-17:::::::*
	cpe:2.3:a:live555:streaming_media:2012-08-20:::::::*
	cpe:2.3:a:live555:streaming_media:2012-08-28:::::::*
	cpe:2.3:a:live555:streaming_media:2012-08-29:::::::*
	cpe:2.3:a:live555:streaming_media:2012-08-30:::::::*
	cpe:2.3:a:live555:streaming_media:2012-08-31:::::::*
	cpe:2.3:a:live555:streaming_media:2012-09-06:::::::*
	cpe:2.3:a:live555:streaming_media:2012-09-07:::::::*
	cpe:2.3:a:live555:streaming_media:2012-09-11:::::::*
	cpe:2.3:a:live555:streaming_media:2012-09-12:::::::*
	cpe:2.3:a:live555:streaming_media:2012-09-13:::::::*
	cpe:2.3:a:live555:streaming_media:2012-09-27:::::::*
	cpe:2.3:a:live555:streaming_media:2012-10-01:::::::*
	cpe:2.3:a:live555:streaming_media:2012-10-04:::::::*
	cpe:2.3:a:live555:streaming_media:2012-10-11:::::::*
	cpe:2.3:a:live555:streaming_media:2012-10-12:::::::*
cpe:2.3:a:live555:streaming_media:2012-10-16:::::::*
cpe:2.3:a:live555:streaming_media:2012-10-17:::::::*
cpe:2.3:a:live555:streaming_media:2012-10-18:::::::*
cpe:2.3:a:live555:streaming_media:2012-10-21:::::::*
cpe:2.3:a:live555:streaming_media:2012-10-22:::::::*
cpe:2.3:a:live555:streaming_media:2012-10-24:::::::*
cpe:2.3:a:live555:streaming_media:2012-11-05:::::::*
cpe:2.3:a:live555:streaming_media:2012-11-08:::::::*
cpe:2.3:a:live555:streaming_media:2012-11-16:::::::*
cpe:2.3:a:live555:streaming_media:2012-11-17:::::::*
cpe:2.3:a:live555:streaming_media:2012-11-22:::::::*
cpe:2.3:a:live555:streaming_media:2012-11-28:::::::*
cpe:2.3:a:live555:streaming_media:2012-11-29:::::::*
cpe:2.3:a:live555:streaming_media:2012-11-30:::::::*
cpe:2.3:a:live555:streaming_media:2012-12-15:::::::*
cpe:2.3:a:live555:streaming_media:2012-12-18:::::::*
cpe:2.3:a:live555:streaming_media:2012-12-21:::::::*
cpe:2.3:a:live555:streaming_media:2012-12-22:::::::*
cpe:2.3:a:live555:streaming_media:2012-12-23:::::::*
cpe:2.3:a:live555:streaming_media:2012-12-24:::::::*
cpe:2.3:a:live555:streaming_media:2013-01-03:::::::*
cpe:2.3:a:live555:streaming_media:2013-01-04:::::::*
cpe:2.3:a:live555:streaming_media:2013-01-05:::::::*
cpe:2.3:a:live555:streaming_media:2013-01-15:::::::*
cpe:2.3:a:live555:streaming_media:2013-01-18:::::::*
cpe:2.3:a:live555:streaming_media:2013-01-19:::::::*
cpe:2.3:a:live555:streaming_media:2013-01-21:::::::*
cpe:2.3:a:live555:streaming_media:2013-01-22:::::::*
cpe:2.3:a:live555:streaming_media:2013-01-23:::::::*
cpe:2.3:a:live555:streaming_media:2013-01-25:::::::*
cpe:2.3:a:live555:streaming_media:2013-02-05:::::::*
cpe:2.3:a:live555:streaming_media:2013-02-11:::::::*
cpe:2.3:a:live555:streaming_media:2013-02-27:::::::*
cpe:2.3:a:live555:streaming_media:2013-03-07:::::::*
cpe:2.3:a:live555:streaming_media:2013-03-23:::::::*
cpe:2.3:a:live555:streaming_media:2013-03-31:::::::*
cpe:2.3:a:live555:streaming_media:2013-04-01:::::::*
cpe:2.3:a:live555:streaming_media:2013-04-04:::::::*
cpe:2.3:a:live555:streaming_media:2013-04-05:::::::*
cpe:2.3:a:live555:streaming_media:2013-04-06:::::::*
cpe:2.3:a:live555:streaming_media:2013-04-08:::::::*
cpe:2.3:a:live555:streaming_media:2013-04-16:::::::*
cpe:2.3:a:live555:streaming_media:2013-04-21:::::::*
cpe:2.3:a:live555:streaming_media:2013-04-22:::::::*
cpe:2.3:a:live555:streaming_media:2013-04-23:::::::*
cpe:2.3:a:live555:streaming_media:2013-04-29:::::::*
cpe:2.3:a:live555:streaming_media:2013-04-30:::::::*
cpe:2.3:a:live555:streaming_media:2013-05-30:::::::*
cpe:2.3:a:live555:streaming_media:2013-06-06:::::::*
cpe:2.3:a:live555:streaming_media:2013-06-14:::::::*
cpe:2.3:a:live555:streaming_media:2013-06-18:::::::*
cpe:2.3:a:live555:streaming_media:2013-06-30:::::::*
cpe:2.3:a:live555:streaming_media:2013-07-03:::::::*
cpe:2.3:a:live555:streaming_media:2013-07-16:::::::*
cpe:2.3:a:live555:streaming_media:2013-07-30:::::::*
cpe:2.3:a:live555:streaming_media:2013-07-31:::::::*
cpe:2.3:a:live555:streaming_media:2013-08-05:::::::*
cpe:2.3:a:live555:streaming_media:2013-08-15:::::::*
cpe:2.3:a:live555:streaming_media:2013-08-16:::::::*
cpe:2.3:a:live555:streaming_media:2013-08-28:::::::*
cpe:2.3:a:live555:streaming_media:2013-08-31:::::::*
cpe:2.3:a:live555:streaming_media:2013-09-07:::::::*
cpe:2.3:a:live555:streaming_media:2013-09-08:::::::*
cpe:2.3:a:live555:streaming_media:2013-09-11:::::::*
cpe:2.3:a:live555:streaming_media:2013-09-18:::::::*
cpe:2.3:a:live555:streaming_media:2013-09-27:::::::*
cpe:2.3:a:live555:streaming_media:2013-09-30:::::::*
cpe:2.3:a:live555:streaming_media:2013-10-01:::::::*
cpe:2.3:a:live555:streaming_media:2013-10-02:::::::*
cpe:2.3:a:live555:streaming_media:2013-10-03:::::::*
cpe:2.3:a:live555:streaming_media:2013-10-07:::::::*
cpe:2.3:a:live555:streaming_media:2013-10-08:::::::*
cpe:2.3:a:live555:streaming_media:2013-10-09:::::::*
cpe:2.3:a:live555:streaming_media:2013-10-11:::::::*
cpe:2.3:a:live555:streaming_media:2013-10-16:::::::*
cpe:2.3:a:live555:streaming_media:2013-10-18:::::::*
cpe:2.3:a:live555:streaming_media:2013-10-22:::::::*
cpe:2.3:a:live555:streaming_media:2013-10-24:::::::*
cpe:2.3:a:live555:streaming_media:2013-10-25:::::::*
cpe:2.3:a:live555:streaming_media:2013-11-06:::::::*
cpe:2.3:a:live555:streaming_media:2013-11-10:::::::*
cpe:2.3:a:live555:streaming_media:2013-11-14:::::::*
cpe:2.3:a:live555:streaming_media:2013-11-15:::::::*
cpe:2.3:a:live555:streaming_media:2013-11-25:::::::*

History

21 Nov 2024, 01:59

Type	Values Removed	Values Added
References	~~() http://isecpartners.github.io/fuzzing/vulnerabilities/2013/12/30/vlc-vulnerability.html -~~	() http://isecpartners.github.io/fuzzing/vulnerabilities/2013/12/30/vlc-vulnerability.html -
References	~~() http://www.live555.com/liveMedia/public/changelog.txt -~~	() http://www.live555.com/liveMedia/public/changelog.txt -

Information

Published : 2014-01-23 21:55

Updated : 2024-11-21 01:59

NVD link : CVE-2013-6933

Mitre link : CVE-2013-6933

CVE.ORG link : CVE-2013-6933

JSON object : View

Products Affected

live555

streaming_media

CWE

CWE-119

Improper Restriction of Operations within the Bounds of a Memory Buffer

CWE-189

Numeric Errors

7.5 /10