[Live-devel] Heap Use-After-Free Bug in live555 (2024-10-10)
박상준
sangjuns at kaist.ac.kr
Wed Oct 9 20:32:04 PDT 2024
Hello,
My name is Sangjun Park, and I am a fuzzing researcher.I have discovered a heap use-after-free (UAF) vulnerability in the live555 streaming media server (version 2024-10-10) running on Ubuntu 20.04.
The issue arises when the server handles a sequence of client requests very quickly, leading to a heap U.A.F. condition.
You can easily reproduce the bug by following the steps provided in the attached README.md.
Additionally, I have attached the ASAN report and a reproducible test case, which you can access via the following link: https://drive.google.com/file/d/1pIdxVez2UUWBQpmegCTGBsn3ok80Rzeb/view?usp=sharing
Best regards, Sangjun Park
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.live555.com/pipermail/live-devel/attachments/20241010/c0afd792/attachment.htm>
More information about the live-devel
mailing list