Denial of Service Vulnerability in GstRTSPAuth of GStreamer and gst-rtsp-server
CVE-2020-6095

7.5HIGH

Key Information:

Vendor

Gstreamer Project

Status
Gstreamer
Vendor
CVE Published:
27 March 2020

What is CVE-2020-6095?

A vulnerability in the GstRTSPAuth functionality of the GStreamer project allows an attacker to exploit specially crafted RTSP setup requests. This can result in a null pointer dereference, leading to a denial-of-service condition. By sending malicious packets, an attacker can disrupt services relying on the gst-rtsp-server, impacting applications that utilize real-time streaming protocols.

Affected Version(s)

GStreamer GStreamer gst-rtsp-server 1.14.5

References

http://lists.opensuse.org/opensuse-security-announce/2020...
vendor-advisoryx_refsource_SUSE
https://security.gentoo.org/glsa/202009-05
vendor-advisoryx_refsource_GENTOO
https://www.talosintelligence.com/vulnerability_reports/T...
x_refsource_MISC

CVSS V3.1

Score:
7.5
Severity:
HIGH
Confidentiality:
None
Integrity:
None
Availability:
None
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
None
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.