CVE-2013-6933
Published 2014-01-23
Priority P347 · high · 7.5 (CVSS 2.0)
Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P
EPSS: 17.41% (96.7th percentile)
The parseRTSPRequestString function in Live Networks Live555 Streaming Media 2011.08.13 through 2013.11.25, as used in VideoLAN VLC Media Player, allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a (1) space or (2) tab character at the beginning of an RTSP message, which triggers an integer underflow, infinite loop, and buffer overflow.
Affected
162 ranges· showing 25
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| debian | mplayer | < mplayer 2:1.1.1+svn37434-1 (bookworm) | mplayer 2:1.1.1+svn37434-1 (bookworm) |
| debian | mplayer | — | — |
| debian | vlc | < mplayer 2:1.1.1+svn37434-1 (bookworm) | mplayer 2:1.1.1+svn37434-1 (bookworm) |
| debian | vlc | — | — |
| live555 | streaming_media | — | — |
CVSS provenance
nvd · v2.0 · 7.5 · HIGH · AV:N/AC:L/Au:N/C:P/I:P/A:P
osv · 7.5 · HIGH
vendor_debian · 7.5 · LOW
Debian
CVE-2013-6934: mplayer - The parseRTSPRequestString function in Live Networks Live555 Streaming Media 201...
vendor_debian·2013·CVSS 7.5
CVE-2013-6934 [HIGH]
The parseRTSPRequestString function in Live Networks Live555 Streaming Media 2013.11.26, as used in VideoLAN VLC Media Player, allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a space character at the beginning of an RTSP message, which triggers an integer underflow, infinite loop, and buffer overflow. NOTE: this vulnerability exists because of an incomplete fix for CVE-2013-6933.
Scope: local
bookworm: resolved
bullseye: resolved
forky: resolved
sid: resolved
trixie: resolved
Debian
CVE-2013-6933: mplayer - The parseRTSPRequestString function in Live Networks Live555 Streaming Media 201...
vendor_debian·2013·CVSS 7.5
CVE-2013-6933 [HIGH]
The parseRTSPRequestString function in Live Networks Live555 Streaming Media 2011.08.13 through 2013.11.25, as used in VideoLAN VLC Media Player, allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a (1) space or (2) tab character at the beginning of an RTSP message, which triggers an integer underflow, infinite loop, and buffer overflow.
Scope: local
bookworm: resolved (fixed in 2:1.1.1+svn37434-1)
bullseye: resolved (fixed in 2:1.1.1+svn37434-1)
forky: resolved (fixed in 2:1.1.1+svn37434-1)
sid: resolved (fixed in 2:1.1.1+svn37434-1)
trixie: resolved (fixed in 2:1.1.1+svn37434-1)
GHSA
GHSA-vcpq-3936-w8vf: The parseRTSPRequestString function in Live Networks Live555 Streaming Media 2011
ghsa_unreviewed·2022-05-13
CVE-2013-6933 [HIGH] CWE-119
The parseRTSPRequestString function in Live Networks Live555 Streaming Media 2011.08.13 through 2013.11.25, as used in VideoLAN VLC Media Player, allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a (1) space or (2) tab character at the beginning of an RTSP message, which triggers an integer underflow, infinite loop, and buffer overflow.
GHSA
GHSA-qqf2-v78c-75h2: The parseRTSPRequestString function in Live Networks Live555 Streaming Media 2013
ghsa_unreviewed·2022-05-13·CVSS 7.5
CVE-2013-6934 [HIGH]
The parseRTSPRequestString function in Live Networks Live555 Streaming Media 2013.11.26, as used in VideoLAN VLC Media Player, allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a space character at the beginning of an RTSP message, which triggers an integer underflow, infinite loop, and buffer overflow. NOTE: this vulnerability exists because of an incomplete fix for CVE-2013-6933.
OSV
CVE-2013-6933: The parseRTSPRequestString function in Live Networks Live555 Streaming Media 2011
osv·2014-01-23·CVSS 7.5
CVE-2013-6933 [HIGH]
The parseRTSPRequestString function in Live Networks Live555 Streaming Media 2011.08.13 through 2013.11.25, as used in VideoLAN VLC Media Player, allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a (1) space or (2) tab character at the beginning of an RTSP message, which triggers an integer underflow, infinite loop, and buffer overflow.
No detection rules found.
No public exploits indexed.
No writeups or analysis indexed.
Published: 2014-01-23