[Live-devel] CVE-2019-773{3, 2}: unrestricted memmove and memory leak leading to DoS

Hugo Lefeuvre hle at owl.eu.com
Sat May 11 09:45:53 PDT 2019


> Sorry, but we do not use GitHub, and no copies of our code that other people have stored on GitHub (or any other third-party code repository) are supported by us.  (These copies are often out-of-date, and/or contain unknown modifications.  And quite often, these third-party copies of our code contain bugs that have already been fixed in our official version of the code; that appears to be the case here.)
> 
> The only copy of the code that we support is the version here
> 	http://live555.com/liveMedia/public/live555-latest.tar.gz
> which is described at
> 	http://live555.com/liveMedia/
> 
> We will accept bug (including security) reports on this version of the code only.

I have double-checked; both issues still seem to affect 2019.05.03.

CVE-2019-7733:

In RTSPClientConnection::handleRequestBytes, if a pointer wraparound
as checked at line 793 happens, parseSucceeded is set to false but
contentLength is still used to perform memmove at line 890.

This might lead to invalid memory access.

CVE-2019-7732:

This is a memory leak. Memory allocated in parseAuthorizationHeader for
username, realm, etc. by strDup is never freed. This is a very minor
issue, but you might still want to fix it.

cheers,
Hugo

-- 
                Hugo Lefeuvre (hle)    |    www.owl.eu.com
RSA4096_ 360B 03B3 BF27 4F4D 7A3F D5E8 14AA 1EB8 A247 3DFD
ed25519_ 37B2 6D38 0B25 B8A2 6B9F 3A65 A36F 5357 5F2D DC4C
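
The pattern reported above for CVE-2019-7733, as an added example that is not part of the original message and is not live555 code: a failed bounds check only clears a flag, and the later buffer shift still trusts the Content-Length value. The buffer model and the names req_buf, flawed_would_overrun and consume_request are hypothetical.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Simplified model (assumption): the buffer holds `used` bytes; one request is
   header_len bytes followed by content_length body bytes, where content_length
   comes from the peer's Content-Length header. */
typedef struct {
    unsigned char data[64];
    size_t used;
} req_buf;

/* Flawed pattern, modelled: the check only clears a flag and the later shift
   still uses content_length. Returns 1 if that shift would fall outside the
   buffer (the memmove itself is not executed here). */
int flawed_would_overrun(const req_buf *b, size_t header_len, size_t content_length)
{
    int parse_succeeded = 1;
    if (header_len > b->used || content_length > b->used - header_len)
        parse_succeeded = 0;                 /* flag set, nothing stops here */
    (void)parse_succeeded;
    size_t consumed = header_len + content_length;   /* can exceed used, or wrap */
    return consumed > b->used || consumed < header_len;
}

/* Hardened form: compare lengths rather than pointers, and refuse to shift
   when the check fails. Returns bytes left in the buffer, or -1 if rejected. */
long consume_request(req_buf *b, size_t header_len, size_t content_length)
{
    if (b->used > sizeof b->data) return -1;
    if (header_len > b->used) return -1;
    if (content_length > b->used - header_len) return -1;  /* cannot overflow */
    size_t consumed = header_len + content_length;
    size_t left = b->used - consumed;
    memmove(b->data, b->data + consumed, left);
    b->used = left;
    return (long)left;
}

int main(void)
{
    req_buf b = { "HDR:BODYnext", 12 };      /* constructed sample input */
    printf("flawed overrun: %d\n", flawed_would_overrun(&b, 4, (size_t)-1));
    printf("hardened: %ld\n", consume_request(&b, 4, (size_t)-1));
    return 0;
}
```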