Bug 2258054 (CVE-2023-37117)
Summary: | CVE-2023-37117 live555: stack use-after-return while handling the SETUP client request | ||
---|---|---|---|
Product: | [Other] Security Response | Reporter: | TEJ RATHI <trathi> |
Component: | vulnerability | Assignee: | Product Security <prodsec-ir-bot> |
Status: | NEW --- | QA Contact: | |
Severity: | medium | Docs Contact: | |
Priority: | medium | ||
Version: | unspecified | Keywords: | Security |
Hardware: | All | ||
OS: | Linux | ||
Bug Depends On: | 2258055 | ||
Description
TEJ RATHI
2024-01-12 12:12:52 UTC
Created live555 tracking bugs for this issue:

Affects: fedora-all [bug 2258055]

We never had a vulnerable version in Fedora or EPEL. 2023.06.20 was imported and this was fixed in 2023.06.14:

http://lists.live555.com/pipermail/live-devel/2023-June/022332.html

http://www.live555.com/liveMedia/public/changelog.txt
...
2023.06.14:
- Fixed a bug in the Matroska file parsing code that could sometimes cause a 'use after free' error. (Thanks to Meng Ruijie, Martin Mirchev, and "jerry testing" for reporting this.)

In reply to comment #2:
> We never had a vulnerable version in Fedora or EPEL. 2023.06.20 was imported
> and this was fixed in 2023.06.14:
>
> http://lists.live555.com/pipermail/live-devel/2023-June/022332.html
>
> http://www.live555.com/liveMedia/public/changelog.txt
> ...
> 2023.06.14:
> - Fixed a bug in the Matroska file parsing code that could sometimes cause a
> 'use after free'
> error. (Thanks to Meng Ruijie, Martin Mirchev, and "jerry testing" for
> reporting this.)

Hey Dominik,

Thanks for letting me know.