CVE-2019-7732Missing Release of Memory after Effective Lifetime in Streaming Media

CWE-401Missing Release of Memory after Effective Lifetime4 documents4 sources
Severity
7.5HIGHNVD
EPSS
0.3%
top 43.65%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
1
Live555 Streaming Media
Timeline
PublishedFeb 11
Latest updateMay 13

Description

In Live555 0.95, a setup packet can cause a memory leak leading to DoS because, when there are multiple instances of a single field (username, realm, nonce, uri, or response), only the last instance can ever be freed.

CVSS vector

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:HExploitability: 3.9 | Impact: 3.6

Affected Packages1 packages

🔴Vulnerability Details

3
GHSA
GHSA-wpfj-9q2g-67mp: In Live555 02022-05-13
CVEList
CVE-2019-7732: In Live555 02019-02-11
OSV
CVE-2019-7732: In Live555 02019-02-11
CVE-2019-7732 — Live555 Streaming Media vulnerability | cvebase