CVE-2013-6933

  1. OpenCVE
  2. Vulnerabilities (CVE)
  3. CVE-2013-6933
The parseRTSPRequestString function in Live Networks Live555 Streaming Media 2011.08.13 through 2013.11.25, as used in VideoLAN VLC Media Player, allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a (1) space or (2) tab character at the beginning of an RTSP message, which triggers an integer underflow, infinite loop, and buffer overflow.

7.5 /10

CVSS v2.0 : HIGH

V2 Legend

Vector : AV:N/AC:L/Au:N/C:P/I:P/A:P

Exploitability : 10.0 / Impact : 6.4

Access Vector NETWORK

Access Complexity LOW

Authentication NONE

Confidentiality Impact PARTIAL

Integrity Impact PARTIAL

Availability Impact PARTIAL

References
Link Resource
http://isecpartners.github.io/fuzzing/vulnerabilities/2013/12/30/vlc-vulnerability.html
http://www.live555.com/liveMedia/public/changelog.txt
Configurations

Configuration 1 (hide)

OR cpe:2.3:a:live555:streaming_media:2011-08-13:*:*:*:*:*:*:*
cpe:2.3:a:live555:streaming_media:2011-08-20:*:*:*:*:*:*:*
cpe:2.3:a:live555:streaming_media:2011-08-22:*:*:*:*:*:*:*
cpe:2.3:a:live555:streaming_media:2011-09-02:*:*:*:*:*:*:*
cpe:2.3:a:live555:streaming_media:2011-09-19:*:*:*:*:*:*:*
cpe:2.3:a:live555:streaming_media:2011-10-05:*:*:*:*:*:*:*
cpe:2.3:a:live555:streaming_media:2011-10-09:*:*:*:*:*:*:*
cpe:2.3:a:live555:streaming_media:2011-10-18:*:*:*:*:*:*:*
cpe:2.3:a:live555:streaming_media:2011-10-27:*:*:*:*:*:*:*
cpe:2.3:a:live555:streaming_media:2011-11-02:*:*:*:*:*:*:*
cpe:2.3:a:live555:streaming_media:2011-11-08:*:*:*:*:*:*:*
cpe:2.3:a:live555:streaming_media:2011-11-20:*:*:*:*:*:*:*
cpe:2.3:a:live555:streaming_media:2011-11-27:*:*:*:*:*:*:*
cpe:2.3:a:live555:streaming_media:2011-11-28:*:*:*:*:*:*:*
cpe:2.3:a:live555:streaming_media:2011-11-29:*:*:*:*:*:*:*
cpe:2.3:a:live555:streaming_media:2011-12-02:*:*:*:*:*:*:*
cpe:2.3:a:live555:streaming_media:2011-12-19:*:*:*:*:*:*:*
cpe:2.3:a:live555:streaming_media:2011-12-20:*:*:*:*:*:*:*
cpe:2.3:a:live555:streaming_media:2011-12-23:*:*:*:*:*:*:*
cpe:2.3:a:live555:streaming_media:2012-01-07:*:*:*:*:*:*:*
cpe:2.3:a:live555:streaming_media:2012-01-13:*:*:*:*:*:*:*
cpe:2.3:a:live555:streaming_media:2012-01-25:*:*:*:*:*:*:*
cpe:2.3:a:live555:streaming_media:2012-01-26:*:*:*:*:*:*:*
cpe:2.3:a:live555:streaming_media:2012-02-03:*:*:*:*:*:*:*
cpe:2.3:a:live555:streaming_media:2012-02-04:*:*:*:*:*:*:*
cpe:2.3:a:live555:streaming_media:2012-02-29:*:*:*:*:*:*:*
cpe:2.3:a:live555:streaming_media:2012-03-20:*:*:*:*:*:*:*
cpe:2.3:a:live555:streaming_media:2012-03-22:*:*:*:*:*:*:*
cpe:2.3:a:live555:streaming_media:2012-04-04:*:*:*:*:*:*:*
cpe:2.3:a:live555:streaming_media:2012-04-18:*:*:*:*:*:*:*
cpe:2.3:a:live555:streaming_media:2012-04-21:*:*:*:*:*:*:*
cpe:2.3:a:live555:streaming_media:2012-04-26:*:*:*:*:*:*:*
cpe:2.3:a:live555:streaming_media:2012-04-27:*:*:*:*:*:*:*
cpe:2.3:a:live555:streaming_media:2012-05-03:*:*:*:*:*:*:*
cpe:2.3:a:live555:streaming_media:2012-05-11:*:*:*:*:*:*:*
cpe:2.3:a:live555:streaming_media:2012-05-17:*:*:*:*:*:*:*
cpe:2.3:a:live555:streaming_media:2012-06-12:*:*:*:*:*:*:*
cpe:2.3:a:live555:streaming_media:2012-06-17:*:*:*:*:*:*:*
cpe:2.3:a:live555:streaming_media:2012-06-23:*:*:*:*:*:*:*
cpe:2.3:a:live555:streaming_media:2012-06-26:*:*:*:*:*:*:*
cpe:2.3:a:live555:streaming_media:2012-07-03:*:*:*:*:*:*:*
cpe:2.3:a:live555:streaming_media:2012-07-06:*:*:*:*:*:*:*
cpe:2.3:a:live555:streaming_media:2012-07-14:*:*:*:*:*:*:*
cpe:2.3:a:live555:streaming_media:2012-07-18:*:*:*:*:*:*:*
cpe:2.3:a:live555:streaming_media:2012-07-24:*:*:*:*:*:*:*
cpe:2.3:a:live555:streaming_media:2012-07-26:*:*:*:*:*:*:*
cpe:2.3:a:live555:streaming_media:2012-08-08:*:*:*:*:*:*:*
cpe:2.3:a:live555:streaming_media:2012-08-12:*:*:*:*:*:*:*
cpe:2.3:a:live555:streaming_media:2012-08-17:*:*:*:*:*:*:*
cpe:2.3:a:live555:streaming_media:2012-08-20:*:*:*:*:*:*:*
cpe:2.3:a:live555:streaming_media:2012-08-28:*:*:*:*:*:*:*
cpe:2.3:a:live555:streaming_media:2012-08-29:*:*:*:*:*:*:*
cpe:2.3:a:live555:streaming_media:2012-08-30:*:*:*:*:*:*:*
cpe:2.3:a:live555:streaming_media:2012-08-31:*:*:*:*:*:*:*
cpe:2.3:a:live555:streaming_media:2012-09-06:*:*:*:*:*:*:*
cpe:2.3:a:live555:streaming_media:2012-09-07:*:*:*:*:*:*:*
cpe:2.3:a:live555:streaming_media:2012-09-11:*:*:*:*:*:*:*
cpe:2.3:a:live555:streaming_media:2012-09-12:*:*:*:*:*:*:*
cpe:2.3:a:live555:streaming_media:2012-09-13:*:*:*:*:*:*:*
cpe:2.3:a:live555:streaming_media:2012-09-27:*:*:*:*:*:*:*
cpe:2.3:a:live555:streaming_media:2012-10-01:*:*:*:*:*:*:*
cpe:2.3:a:live555:streaming_media:2012-10-04:*:*:*:*:*:*:*
cpe:2.3:a:live555:streaming_media:2012-10-11:*:*:*:*:*:*:*
cpe:2.3:a:live555:streaming_media:2012-10-12:*:*:*:*:*:*:*
cpe:2.3:a:live555:streaming_media:2012-10-16:*:*:*:*:*:*:*
cpe:2.3:a:live555:streaming_media:2012-10-17:*:*:*:*:*:*:*
cpe:2.3:a:live555:streaming_media:2012-10-18:*:*:*:*:*:*:*
cpe:2.3:a:live555:streaming_media:2012-10-21:*:*:*:*:*:*:*
cpe:2.3:a:live555:streaming_media:2012-10-22:*:*:*:*:*:*:*
cpe:2.3:a:live555:streaming_media:2012-10-24:*:*:*:*:*:*:*
cpe:2.3:a:live555:streaming_media:2012-11-05:*:*:*:*:*:*:*
cpe:2.3:a:live555:streaming_media:2012-11-08:*:*:*:*:*:*:*
cpe:2.3:a:live555:streaming_media:2012-11-16:*:*:*:*:*:*:*
cpe:2.3:a:live555:streaming_media:2012-11-17:*:*:*:*:*:*:*
cpe:2.3:a:live555:streaming_media:2012-11-22:*:*:*:*:*:*:*
cpe:2.3:a:live555:streaming_media:2012-11-28:*:*:*:*:*:*:*
cpe:2.3:a:live555:streaming_media:2012-11-29:*:*:*:*:*:*:*
cpe:2.3:a:live555:streaming_media:2012-11-30:*:*:*:*:*:*:*
cpe:2.3:a:live555:streaming_media:2012-12-15:*:*:*:*:*:*:*
cpe:2.3:a:live555:streaming_media:2012-12-18:*:*:*:*:*:*:*
cpe:2.3:a:live555:streaming_media:2012-12-21:*:*:*:*:*:*:*
cpe:2.3:a:live555:streaming_media:2012-12-22:*:*:*:*:*:*:*
cpe:2.3:a:live555:streaming_media:2012-12-23:*:*:*:*:*:*:*
cpe:2.3:a:live555:streaming_media:2012-12-24:*:*:*:*:*:*:*
cpe:2.3:a:live555:streaming_media:2013-01-03:*:*:*:*:*:*:*
cpe:2.3:a:live555:streaming_media:2013-01-04:*:*:*:*:*:*:*
cpe:2.3:a:live555:streaming_media:2013-01-05:*:*:*:*:*:*:*
cpe:2.3:a:live555:streaming_media:2013-01-15:*:*:*:*:*:*:*
cpe:2.3:a:live555:streaming_media:2013-01-18:*:*:*:*:*:*:*
cpe:2.3:a:live555:streaming_media:2013-01-19:*:*:*:*:*:*:*
cpe:2.3:a:live555:streaming_media:2013-01-21:*:*:*:*:*:*:*
cpe:2.3:a:live555:streaming_media:2013-01-22:*:*:*:*:*:*:*
cpe:2.3:a:live555:streaming_media:2013-01-23:*:*:*:*:*:*:*
cpe:2.3:a:live555:streaming_media:2013-01-25:*:*:*:*:*:*:*
cpe:2.3:a:live555:streaming_media:2013-02-05:*:*:*:*:*:*:*
cpe:2.3:a:live555:streaming_media:2013-02-11:*:*:*:*:*:*:*
cpe:2.3:a:live555:streaming_media:2013-02-27:*:*:*:*:*:*:*
cpe:2.3:a:live555:streaming_media:2013-03-07:*:*:*:*:*:*:*
cpe:2.3:a:live555:streaming_media:2013-03-23:*:*:*:*:*:*:*
cpe:2.3:a:live555:streaming_media:2013-03-31:*:*:*:*:*:*:*
cpe:2.3:a:live555:streaming_media:2013-04-01:*:*:*:*:*:*:*
cpe:2.3:a:live555:streaming_media:2013-04-04:*:*:*:*:*:*:*
cpe:2.3:a:live555:streaming_media:2013-04-05:*:*:*:*:*:*:*
cpe:2.3:a:live555:streaming_media:2013-04-06:*:*:*:*:*:*:*
cpe:2.3:a:live555:streaming_media:2013-04-08:*:*:*:*:*:*:*
cpe:2.3:a:live555:streaming_media:2013-04-16:*:*:*:*:*:*:*
cpe:2.3:a:live555:streaming_media:2013-04-21:*:*:*:*:*:*:*
cpe:2.3:a:live555:streaming_media:2013-04-22:*:*:*:*:*:*:*
cpe:2.3:a:live555:streaming_media:2013-04-23:*:*:*:*:*:*:*
cpe:2.3:a:live555:streaming_media:2013-04-29:*:*:*:*:*:*:*
cpe:2.3:a:live555:streaming_media:2013-04-30:*:*:*:*:*:*:*
cpe:2.3:a:live555:streaming_media:2013-05-30:*:*:*:*:*:*:*
cpe:2.3:a:live555:streaming_media:2013-06-06:*:*:*:*:*:*:*
cpe:2.3:a:live555:streaming_media:2013-06-14:*:*:*:*:*:*:*
cpe:2.3:a:live555:streaming_media:2013-06-18:*:*:*:*:*:*:*
cpe:2.3:a:live555:streaming_media:2013-06-30:*:*:*:*:*:*:*
cpe:2.3:a:live555:streaming_media:2013-07-03:*:*:*:*:*:*:*
cpe:2.3:a:live555:streaming_media:2013-07-16:*:*:*:*:*:*:*
cpe:2.3:a:live555:streaming_media:2013-07-30:*:*:*:*:*:*:*
cpe:2.3:a:live555:streaming_media:2013-07-31:*:*:*:*:*:*:*
cpe:2.3:a:live555:streaming_media:2013-08-05:*:*:*:*:*:*:*
cpe:2.3:a:live555:streaming_media:2013-08-15:*:*:*:*:*:*:*
cpe:2.3:a:live555:streaming_media:2013-08-16:*:*:*:*:*:*:*
cpe:2.3:a:live555:streaming_media:2013-08-28:*:*:*:*:*:*:*
cpe:2.3:a:live555:streaming_media:2013-08-31:*:*:*:*:*:*:*
cpe:2.3:a:live555:streaming_media:2013-09-07:*:*:*:*:*:*:*
cpe:2.3:a:live555:streaming_media:2013-09-08:*:*:*:*:*:*:*
cpe:2.3:a:live555:streaming_media:2013-09-11:*:*:*:*:*:*:*
cpe:2.3:a:live555:streaming_media:2013-09-18:*:*:*:*:*:*:*
cpe:2.3:a:live555:streaming_media:2013-09-27:*:*:*:*:*:*:*
cpe:2.3:a:live555:streaming_media:2013-09-30:*:*:*:*:*:*:*
cpe:2.3:a:live555:streaming_media:2013-10-01:*:*:*:*:*:*:*
cpe:2.3:a:live555:streaming_media:2013-10-02:*:*:*:*:*:*:*
cpe:2.3:a:live555:streaming_media:2013-10-03:*:*:*:*:*:*:*
cpe:2.3:a:live555:streaming_media:2013-10-07:*:*:*:*:*:*:*
cpe:2.3:a:live555:streaming_media:2013-10-08:*:*:*:*:*:*:*
cpe:2.3:a:live555:streaming_media:2013-10-09:*:*:*:*:*:*:*
cpe:2.3:a:live555:streaming_media:2013-10-11:*:*:*:*:*:*:*
cpe:2.3:a:live555:streaming_media:2013-10-16:*:*:*:*:*:*:*
cpe:2.3:a:live555:streaming_media:2013-10-18:*:*:*:*:*:*:*
cpe:2.3:a:live555:streaming_media:2013-10-22:*:*:*:*:*:*:*
cpe:2.3:a:live555:streaming_media:2013-10-24:*:*:*:*:*:*:*
cpe:2.3:a:live555:streaming_media:2013-10-25:*:*:*:*:*:*:*
cpe:2.3:a:live555:streaming_media:2013-11-06:*:*:*:*:*:*:*
cpe:2.3:a:live555:streaming_media:2013-11-10:*:*:*:*:*:*:*
cpe:2.3:a:live555:streaming_media:2013-11-14:*:*:*:*:*:*:*
cpe:2.3:a:live555:streaming_media:2013-11-15:*:*:*:*:*:*:*
cpe:2.3:a:live555:streaming_media:2013-11-25:*:*:*:*:*:*:*
History

No history.

Information

Published : 2014-01-23 21:55

Updated : 2024-02-04 18:35

NVD link : CVE-2013-6933

Mitre link : CVE-2013-6933

CVE.ORG link : CVE-2013-6933

JSON object : View

Products Affected

live555

  • streaming_media
CWE
CWE-119

Improper Restriction of Operations within the Bounds of a Memory Buffer

CWE-189

Numeric Errors