[Live-devel] Stack-Use-After-Return Bug in live555

박상준 sangjuns at kaist.ac.kr
Wed Oct 9 00:00:22 PDT 2024


My name is Sangjun Park, and I am a fuzzing researcher. I have discovered a stack-use-after-return vulnerability in the live555 streaming media server (version 2024-09-29) running on Ubuntu 20.04. 
The issue occurs when the server processes a sequence of SETUP and other client requests, leading to a stack-use-after-return condition. You can easily reproduce the bug by following the instructions in the attached README.md file. Please note that ASAN must be activated to reproduce the issue in this case. 
Additionally, I have attached the ASAN report and a reproducible test case, which can be accessed via the following link: https://drive.google.com/file/d/18z4jdK_hbBg5DB7TarwaRC3IJjeLuKnK/view?usp=sharing 
Best regards,
Sangjun Park


