CVE-2007-0749

3 documents3 sources

Severity

10.0CRITICAL

EPSS

20.3%

top 4.48%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Apple Darwin Streaming Server

Timeline

PublishedMay 13

Latest updateMay 1

Description

Multiple stack-based buffer overflows in the is_command function in proxy.c in Apple Darwin Streaming Proxy, when using Darwin Streaming Server before 5.5.5, allow remote attackers to execute arbitrary code via a long (1) cmd or (2) server value in an RTSP request.

CVSS vector

AV:N/AC:L/C:C/I:C/A:CExploitability: 10.0 | Impact: 10.0

Affected Packages1 packages

▶NVDapple/darwin_streaming_server4 versions+3

Patches

Patch: docs.info.apple.com ↗Patch: labs.idefense.com ↗Patch: lists.apple.com ↗

🔴Vulnerability Details

GHSA

GHSA-39jq-32qw-h3r2: Multiple stack-based buffer overflows in the is_command function in proxy↗2022-05-01

▶

CVEList

CVE-2007-0749: Multiple stack-based buffer overflows in the is_command function in proxy↗2007-05-13

▶