The parseRTSPRequestString function in Live Networks Live555 Streaming Media 2011.08.13 through 2013.11.25, as used in VideoLAN VLC Media Player, allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a (1) space or (2) tab character at the beginning of an RTSP message, which triggers an integer underflow, infinite loop, and buffer overflow.

No CVSS v3.1

No CVSS v3.0

Access Vector Network

Access Complexity Low

Authentication None

Confidentiality Impact Partial

Integrity Impact Partial

Availability Impact Partial

AV:N/AC:L/Au:N/C:P/I:P/A:P
Vendors Products
Live555
  • Streaming Media

Configuration 1 [-]

OR cpe:2.3:a:live555:streaming_media:2011-08-13:*:*:*:*:*:*:*
cpe:2.3:a:live555:streaming_media:2011-08-20:*:*:*:*:*:*:*
cpe:2.3:a:live555:streaming_media:2011-08-22:*:*:*:*:*:*:*
cpe:2.3:a:live555:streaming_media:2011-09-02:*:*:*:*:*:*:*
cpe:2.3:a:live555:streaming_media:2011-09-19:*:*:*:*:*:*:*
cpe:2.3:a:live555:streaming_media:2011-10-05:*:*:*:*:*:*:*
cpe:2.3:a:live555:streaming_media:2011-10-09:*:*:*:*:*:*:*
cpe:2.3:a:live555:streaming_media:2011-10-18:*:*:*:*:*:*:*
cpe:2.3:a:live555:streaming_media:2011-10-27:*:*:*:*:*:*:*
cpe:2.3:a:live555:streaming_media:2011-11-02:*:*:*:*:*:*:*
cpe:2.3:a:live555:streaming_media:2011-11-08:*:*:*:*:*:*:*
cpe:2.3:a:live555:streaming_media:2011-11-20:*:*:*:*:*:*:*
cpe:2.3:a:live555:streaming_media:2011-11-27:*:*:*:*:*:*:*
cpe:2.3:a:live555:streaming_media:2011-11-28:*:*:*:*:*:*:*
cpe:2.3:a:live555:streaming_media:2011-11-29:*:*:*:*:*:*:*
cpe:2.3:a:live555:streaming_media:2011-12-02:*:*:*:*:*:*:*
cpe:2.3:a:live555:streaming_media:2011-12-19:*:*:*:*:*:*:*
cpe:2.3:a:live555:streaming_media:2011-12-20:*:*:*:*:*:*:*
cpe:2.3:a:live555:streaming_media:2011-12-23:*:*:*:*:*:*:*
cpe:2.3:a:live555:streaming_media:2012-01-07:*:*:*:*:*:*:*
cpe:2.3:a:live555:streaming_media:2012-01-13:*:*:*:*:*:*:*
cpe:2.3:a:live555:streaming_media:2012-01-25:*:*:*:*:*:*:*
cpe:2.3:a:live555:streaming_media:2012-01-26:*:*:*:*:*:*:*
cpe:2.3:a:live555:streaming_media:2012-02-03:*:*:*:*:*:*:*
cpe:2.3:a:live555:streaming_media:2012-02-04:*:*:*:*:*:*:*
cpe:2.3:a:live555:streaming_media:2012-02-29:*:*:*:*:*:*:*
cpe:2.3:a:live555:streaming_media:2012-03-20:*:*:*:*:*:*:*
cpe:2.3:a:live555:streaming_media:2012-03-22:*:*:*:*:*:*:*
cpe:2.3:a:live555:streaming_media:2012-04-04:*:*:*:*:*:*:*
cpe:2.3:a:live555:streaming_media:2012-04-18:*:*:*:*:*:*:*
cpe:2.3:a:live555:streaming_media:2012-04-21:*:*:*:*:*:*:*
cpe:2.3:a:live555:streaming_media:2012-04-26:*:*:*:*:*:*:*
cpe:2.3:a:live555:streaming_media:2012-04-27:*:*:*:*:*:*:*
cpe:2.3:a:live555:streaming_media:2012-05-03:*:*:*:*:*:*:*
cpe:2.3:a:live555:streaming_media:2012-05-11:*:*:*:*:*:*:*
cpe:2.3:a:live555:streaming_media:2012-05-17:*:*:*:*:*:*:*
cpe:2.3:a:live555:streaming_media:2012-06-12:*:*:*:*:*:*:*
cpe:2.3:a:live555:streaming_media:2012-06-17:*:*:*:*:*:*:*
cpe:2.3:a:live555:streaming_media:2012-06-23:*:*:*:*:*:*:*
cpe:2.3:a:live555:streaming_media:2012-06-26:*:*:*:*:*:*:*
cpe:2.3:a:live555:streaming_media:2012-07-03:*:*:*:*:*:*:*
cpe:2.3:a:live555:streaming_media:2012-07-06:*:*:*:*:*:*:*
cpe:2.3:a:live555:streaming_media:2012-07-14:*:*:*:*:*:*:*
cpe:2.3:a:live555:streaming_media:2012-07-18:*:*:*:*:*:*:*
cpe:2.3:a:live555:streaming_media:2012-07-24:*:*:*:*:*:*:*
cpe:2.3:a:live555:streaming_media:2012-07-26:*:*:*:*:*:*:*
cpe:2.3:a:live555:streaming_media:2012-08-08:*:*:*:*:*:*:*
cpe:2.3:a:live555:streaming_media:2012-08-12:*:*:*:*:*:*:*
cpe:2.3:a:live555:streaming_media:2012-08-17:*:*:*:*:*:*:*
cpe:2.3:a:live555:streaming_media:2012-08-20:*:*:*:*:*:*:*
cpe:2.3:a:live555:streaming_media:2012-08-28:*:*:*:*:*:*:*
cpe:2.3:a:live555:streaming_media:2012-08-29:*:*:*:*:*:*:*
cpe:2.3:a:live555:streaming_media:2012-08-30:*:*:*:*:*:*:*
cpe:2.3:a:live555:streaming_media:2012-08-31:*:*:*:*:*:*:*
cpe:2.3:a:live555:streaming_media:2012-09-06:*:*:*:*:*:*:*
cpe:2.3:a:live555:streaming_media:2012-09-07:*:*:*:*:*:*:*
cpe:2.3:a:live555:streaming_media:2012-09-11:*:*:*:*:*:*:*
cpe:2.3:a:live555:streaming_media:2012-09-12:*:*:*:*:*:*:*
cpe:2.3:a:live555:streaming_media:2012-09-13:*:*:*:*:*:*:*
cpe:2.3:a:live555:streaming_media:2012-09-27:*:*:*:*:*:*:*
cpe:2.3:a:live555:streaming_media:2012-10-01:*:*:*:*:*:*:*
cpe:2.3:a:live555:streaming_media:2012-10-04:*:*:*:*:*:*:*
cpe:2.3:a:live555:streaming_media:2012-10-11:*:*:*:*:*:*:*
cpe:2.3:a:live555:streaming_media:2012-10-12:*:*:*:*:*:*:*
cpe:2.3:a:live555:streaming_media:2012-10-16:*:*:*:*:*:*:*
cpe:2.3:a:live555:streaming_media:2012-10-17:*:*:*:*:*:*:*
cpe:2.3:a:live555:streaming_media:2012-10-18:*:*:*:*:*:*:*
cpe:2.3:a:live555:streaming_media:2012-10-21:*:*:*:*:*:*:*
cpe:2.3:a:live555:streaming_media:2012-10-22:*:*:*:*:*:*:*
cpe:2.3:a:live555:streaming_media:2012-10-24:*:*:*:*:*:*:*
cpe:2.3:a:live555:streaming_media:2012-11-05:*:*:*:*:*:*:*
cpe:2.3:a:live555:streaming_media:2012-11-08:*:*:*:*:*:*:*
cpe:2.3:a:live555:streaming_media:2012-11-16:*:*:*:*:*:*:*
cpe:2.3:a:live555:streaming_media:2012-11-17:*:*:*:*:*:*:*
cpe:2.3:a:live555:streaming_media:2012-11-22:*:*:*:*:*:*:*
cpe:2.3:a:live555:streaming_media:2012-11-28:*:*:*:*:*:*:*
cpe:2.3:a:live555:streaming_media:2012-11-29:*:*:*:*:*:*:*
cpe:2.3:a:live555:streaming_media:2012-11-30:*:*:*:*:*:*:*
cpe:2.3:a:live555:streaming_media:2012-12-15:*:*:*:*:*:*:*
cpe:2.3:a:live555:streaming_media:2012-12-18:*:*:*:*:*:*:*
cpe:2.3:a:live555:streaming_media:2012-12-21:*:*:*:*:*:*:*
cpe:2.3:a:live555:streaming_media:2012-12-22:*:*:*:*:*:*:*
cpe:2.3:a:live555:streaming_media:2012-12-23:*:*:*:*:*:*:*
cpe:2.3:a:live555:streaming_media:2012-12-24:*:*:*:*:*:*:*
cpe:2.3:a:live555:streaming_media:2013-01-03:*:*:*:*:*:*:*
cpe:2.3:a:live555:streaming_media:2013-01-04:*:*:*:*:*:*:*
cpe:2.3:a:live555:streaming_media:2013-01-05:*:*:*:*:*:*:*
cpe:2.3:a:live555:streaming_media:2013-01-15:*:*:*:*:*:*:*
cpe:2.3:a:live555:streaming_media:2013-01-18:*:*:*:*:*:*:*
cpe:2.3:a:live555:streaming_media:2013-01-19:*:*:*:*:*:*:*
cpe:2.3:a:live555:streaming_media:2013-01-21:*:*:*:*:*:*:*
cpe:2.3:a:live555:streaming_media:2013-01-22:*:*:*:*:*:*:*
cpe:2.3:a:live555:streaming_media:2013-01-23:*:*:*:*:*:*:*
cpe:2.3:a:live555:streaming_media:2013-01-25:*:*:*:*:*:*:*
cpe:2.3:a:live555:streaming_media:2013-02-05:*:*:*:*:*:*:*
cpe:2.3:a:live555:streaming_media:2013-02-11:*:*:*:*:*:*:*
cpe:2.3:a:live555:streaming_media:2013-02-27:*:*:*:*:*:*:*
cpe:2.3:a:live555:streaming_media:2013-03-07:*:*:*:*:*:*:*
cpe:2.3:a:live555:streaming_media:2013-03-23:*:*:*:*:*:*:*
cpe:2.3:a:live555:streaming_media:2013-03-31:*:*:*:*:*:*:*
cpe:2.3:a:live555:streaming_media:2013-04-01:*:*:*:*:*:*:*
cpe:2.3:a:live555:streaming_media:2013-04-04:*:*:*:*:*:*:*
cpe:2.3:a:live555:streaming_media:2013-04-05:*:*:*:*:*:*:*
cpe:2.3:a:live555:streaming_media:2013-04-06:*:*:*:*:*:*:*
cpe:2.3:a:live555:streaming_media:2013-04-08:*:*:*:*:*:*:*
cpe:2.3:a:live555:streaming_media:2013-04-16:*:*:*:*:*:*:*
cpe:2.3:a:live555:streaming_media:2013-04-21:*:*:*:*:*:*:*
cpe:2.3:a:live555:streaming_media:2013-04-22:*:*:*:*:*:*:*
cpe:2.3:a:live555:streaming_media:2013-04-23:*:*:*:*:*:*:*
cpe:2.3:a:live555:streaming_media:2013-04-29:*:*:*:*:*:*:*
cpe:2.3:a:live555:streaming_media:2013-04-30:*:*:*:*:*:*:*
cpe:2.3:a:live555:streaming_media:2013-05-30:*:*:*:*:*:*:*
cpe:2.3:a:live555:streaming_media:2013-06-06:*:*:*:*:*:*:*
cpe:2.3:a:live555:streaming_media:2013-06-14:*:*:*:*:*:*:*
cpe:2.3:a:live555:streaming_media:2013-06-18:*:*:*:*:*:*:*
cpe:2.3:a:live555:streaming_media:2013-06-30:*:*:*:*:*:*:*
cpe:2.3:a:live555:streaming_media:2013-07-03:*:*:*:*:*:*:*
cpe:2.3:a:live555:streaming_media:2013-07-16:*:*:*:*:*:*:*
cpe:2.3:a:live555:streaming_media:2013-07-30:*:*:*:*:*:*:*
cpe:2.3:a:live555:streaming_media:2013-07-31:*:*:*:*:*:*:*
cpe:2.3:a:live555:streaming_media:2013-08-05:*:*:*:*:*:*:*
cpe:2.3:a:live555:streaming_media:2013-08-15:*:*:*:*:*:*:*
cpe:2.3:a:live555:streaming_media:2013-08-16:*:*:*:*:*:*:*
cpe:2.3:a:live555:streaming_media:2013-08-28:*:*:*:*:*:*:*
cpe:2.3:a:live555:streaming_media:2013-08-31:*:*:*:*:*:*:*
cpe:2.3:a:live555:streaming_media:2013-09-07:*:*:*:*:*:*:*
cpe:2.3:a:live555:streaming_media:2013-09-08:*:*:*:*:*:*:*
cpe:2.3:a:live555:streaming_media:2013-09-11:*:*:*:*:*:*:*
cpe:2.3:a:live555:streaming_media:2013-09-18:*:*:*:*:*:*:*
cpe:2.3:a:live555:streaming_media:2013-09-27:*:*:*:*:*:*:*
cpe:2.3:a:live555:streaming_media:2013-09-30:*:*:*:*:*:*:*
cpe:2.3:a:live555:streaming_media:2013-10-01:*:*:*:*:*:*:*
cpe:2.3:a:live555:streaming_media:2013-10-02:*:*:*:*:*:*:*
cpe:2.3:a:live555:streaming_media:2013-10-03:*:*:*:*:*:*:*
cpe:2.3:a:live555:streaming_media:2013-10-07:*:*:*:*:*:*:*
cpe:2.3:a:live555:streaming_media:2013-10-08:*:*:*:*:*:*:*
cpe:2.3:a:live555:streaming_media:2013-10-09:*:*:*:*:*:*:*
cpe:2.3:a:live555:streaming_media:2013-10-11:*:*:*:*:*:*:*
cpe:2.3:a:live555:streaming_media:2013-10-16:*:*:*:*:*:*:*
cpe:2.3:a:live555:streaming_media:2013-10-18:*:*:*:*:*:*:*
cpe:2.3:a:live555:streaming_media:2013-10-22:*:*:*:*:*:*:*
cpe:2.3:a:live555:streaming_media:2013-10-24:*:*:*:*:*:*:*
cpe:2.3:a:live555:streaming_media:2013-10-25:*:*:*:*:*:*:*
cpe:2.3:a:live555:streaming_media:2013-11-06:*:*:*:*:*:*:*
cpe:2.3:a:live555:streaming_media:2013-11-10:*:*:*:*:*:*:*
cpe:2.3:a:live555:streaming_media:2013-11-14:*:*:*:*:*:*:*
cpe:2.3:a:live555:streaming_media:2013-11-15:*:*:*:*:*:*:*
cpe:2.3:a:live555:streaming_media:2013-11-25:*:*:*:*:*:*:*
References
Link Resource
http://isecpartners.github.io/fuzzing/vulnerabilities/2013/12/30/vlc-vulnerability.html
http://www.live555.com/liveMedia/public/changelog.txt
History

No history.

cve-icon MITRE Information

Status: PUBLISHED

Assigner: mitre

Published: 2014-01-23T21:00:00

Updated: 2014-01-23T20:57:01

Reserved: 2013-12-03T00:00:00

Link: CVE-2013-6933

JSON object: View

cve-icon NVD Information

Status : Analyzed

Published: 2014-01-23T21:55:04.913

Modified: 2019-09-12T12:13:31.540

Link: CVE-2013-6933

JSON object: View

cve-icon Redhat Information

No data.

CWE