Описание
Incorrect Access Control in GStreamer RTSP server 1.25.0 in gst-rtsp-server/rtsp-media.c allows remote attackers to cause a denial of service via a series of specially crafted hexstream requests.
A flaw was found in GStreamer RTSP server. In certain versions, specially-crafted requests may trigger an assertion failure in the server, which can lead to a denial of service.
Отчет
This vulnerability in the GStreamer RTSP server is classified as moderate rather than important because, while it can cause a denial of service (DoS), it does not allow remote code execution, privilege escalation, or data exposure. The flaw relies on sending specially crafted hexstream requests to disrupt the service, which may affect availability but does not compromise the integrity or confidentiality of the system. Moreover, the impact is limited to crashing or temporarily disrupting the RTSP server, with no lasting damage or persistent effects once the server is restarted. It's important to note that this vulnerability does not impact any Red Hat products, indicating that Red Hat's software stack is unaffected by this specific CVE.
Меры по смягчению последствий
Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.
Затронутые пакеты
| Платформа | Пакет | Состояние | Рекомендация | Релиз |
|---|---|---|---|---|
| Red Hat Enterprise Linux 10 | gstreamer1-rtsp-server | Not affected | ||
| Red Hat Enterprise Linux 9 | gstreamer1-rtsp-server | Not affected |
Показывать по
Дополнительная информация
Статус:
EPSS
7.5 High
CVSS3
Связанные уязвимости
Incorrect Access Control in GStreamer RTSP server 1.25.0 in gst-rtsp-server/rtsp-media.c allows remote attackers to cause a denial of service via a series of specially crafted hexstream requests.
Incorrect Access Control in GStreamer RTSP server 1.25.0 in gst-rtsp-server/rtsp-media.c allows remote attackers to cause a denial of service via a series of specially crafted hexstream requests.
Incorrect Access Control in GStreamer RTSP server 1.25.0 in gst-rtsp-s ...
Incorrect Access Control in GStreamer RTSP server 1.25.0 in gst-rtsp-server/rtsp-media.c allows remote attackers to cause a denial of service via a series of specially crafted hexstream requests.
EPSS
7.5 High
CVSS3