CVE-2019-7732

Published: Feb 11, 2019Modified: Nov 21, 2024

7.5

Vector

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Exploitability: 3.9 / Impact: 3.6

Source: NVD

Description

In Live555 0.95, a setup packet can cause a memory leak leading to DoS because, when there are multiple instances of a single field (username, realm, nonce, uri, or response), only the last instance can ever be freed.

Affected (1)

Products: Live555: Streaming Media

Live555

1 product

Streaming Media

Configuration A

1 vulnerable

Vulnerable Software	Affected Versions
Live555 Streaming Media	Version 0.95

Related CWEs

CWE-401

Missing Release of Memory after Effective Lifetime

The product does not sufficiently track and release allocated memory after it has been used, which slowly consumes remaining memory.

References (2)

https://github.com/rgaufman/live555/issues/20

Source: cve@mitre.org

Third Party Advisory

https://github.com/rgaufman/live555/issues/20

Source: af854a3a-2127-422b-91ae-364da2661108

Third Party Advisory

Timeline

No history available yet.