Total
5 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2007-6626 | 1 Feng | 1 Feng | 2018-10-15 | 7.5 HIGH | N/A |
Multiple buffer overflows in the RTSP_valid_response_msg function in RTSP_state_machine.c in LScube Feng 0.1.15 and earlier allow remote attackers to execute arbitrary code via (1) a long first line of a response, as demonstrated by a long VER line; or (2) a long second line of a response, as demonstrated by a message that follows a RETURN line. | |||||
CVE-2007-6627 | 1 Feng | 1 Feng | 2018-10-15 | 7.5 HIGH | N/A |
Integer overflow in the RTSP_remove_msg function in RTSP_lowlevel.c in LScube Feng 0.1.15 and earlier allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via an RTP packet with a size value of 0xffff. | |||||
CVE-2007-6628 | 1 Feng | 1 Feng | 2018-10-15 | 5.0 MEDIUM | N/A |
LScube Feng 0.1.15 and earlier allows remote attackers to cause a denial of service (NULL dereference and daemon crash) via (1) a malformed Transport header, which triggers misparsing in parse_transport_header in RTSP_setup.c, as demonstrated by a Transport header that contains only a "RTP/AVP;unicast;client_port" sequence; or (2) a malformed Range header, which triggers misparsing in parse_play_time_range in RTSP_Play, as demonstrated by an empty Range header. | |||||
CVE-2007-6629 | 1 Feng | 1 Feng | 2018-10-15 | 5.0 MEDIUM | N/A |
Interpretation conflict in LScube Feng 0.1.15 and earlier allows remote attackers to cause a denial of service (NULL dereference and daemon crash) via a User-Agent header line that contains a carriage-return character, which is considered a line delimiter when the header is split into individual lines, but not when log_user_agent in RTSP_utils.c parses the content of the User-Agent line. | |||||
CVE-2007-6630 | 1 Feng | 1 Feng | 2018-10-15 | 5.0 MEDIUM | N/A |
The Url_init function in utils/url.c in Netembryo 0.0.4, when used by LScube Feng, allows remote attackers to cause a denial of service (NULL dereference and daemon crash) via a malformed URI containing a "/:" sequence, as demonstrated by a "DESCRIBE /: RTSP/1.0" request. |