Incorrect Access Control in GStreamer RTSP Server Allows Denial of Service
CVE-2024-44331

7.5HIGH

Key Information:

Vendor: GStreamer
Status: GStreamer RTSP Server
Vendor: CVE Published:; 22 October 2024

What is CVE-2024-44331?

A vulnerability in the GStreamer RTSP server version 1.25.0 is caused by incorrect access controls in the rtsp-media.c file. This flaw enables remote attackers to send multiple specially crafted hexstream requests, leading to a denial of service. This issue necessitates immediate attention to mitigate potential disruptions in service and ensure the stability of streaming applications relying on this server. Utilizing secure coding practices and regular updates can help prevent exploitation.

References

https://github.com/dqp10515/security/tree/main/gst-rtsp-s...

https://gist.github.com/dqp10515/c6a8879bebe92d8c74f7c526...

CVSS V3.1

Score:

7.5

Severity:

HIGH

Confidentiality:

None

Integrity:

None

Availability:

None

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Oct 22, 2024

CVE-2024-44331 Data

JSON