Feng vulnerabilities
5 known vulnerabilities affecting feng/feng.
Total CVEs
5
CISA KEV
0
Public exploits
1
Exploited in wild
0
Severity breakdown
HIGH2MEDIUM3
Vulnerabilities
Page 1 of 1
CVE-2007-6630P4MEDIUMCVSS 5.0PoC≤ 0.1.152008-01-04
CVE-2007-6630 [MEDIUM] CVE-2007-6630: The Url_init function in utils/url.c in Netembryo 0.0.4, when used by LScube Feng, allows remote att
The Url_init function in utils/url.c in Netembryo 0.0.4, when used by LScube Feng, allows remote attackers to cause a denial of service (NULL dereference and daemon crash) via a malformed URI containing a "/:" sequence, as demonstrated by a "DESCRIBE /: RTSP/1.0" request.
nvd
CVE-2007-6626P3HIGHCVSS 7.5≤ 0.1.152008-01-04
CVE-2007-6626 [HIGH] CWE-119 CVE-2007-6626: Multiple buffer overflows in the RTSP_valid_response_msg function in RTSP_state_machine.c in LScube
Multiple buffer overflows in the RTSP_valid_response_msg function in RTSP_state_machine.c in LScube Feng 0.1.15 and earlier allow remote attackers to execute arbitrary code via (1) a long first line of a response, as demonstrated by a long VER line; or (2) a long second line of a response, as demonstrated by a message that follows a RETURN line.
nvd
CVE-2007-6627P4HIGHCVSS 7.5≤ 0.1.152008-01-04
CVE-2007-6627 [HIGH] CWE-189 CVE-2007-6627: Integer overflow in the RTSP_remove_msg function in RTSP_lowlevel.c in LScube Feng 0.1.15 and earlie
Integer overflow in the RTSP_remove_msg function in RTSP_lowlevel.c in LScube Feng 0.1.15 and earlier allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via an RTP packet with a size value of 0xffff.
nvd
CVE-2007-6629P4MEDIUMCVSS 5.0≤ 0.1.152008-01-04
CVE-2007-6629 [MEDIUM] CVE-2007-6629: Interpretation conflict in LScube Feng 0.1.15 and earlier allows remote attackers to cause a denial
Interpretation conflict in LScube Feng 0.1.15 and earlier allows remote attackers to cause a denial of service (NULL dereference and daemon crash) via a User-Agent header line that contains a carriage-return character, which is considered a line delimiter when the header is split into individual lines, but not when log_user_agent in RTSP_utils.c parses the con
nvd
CVE-2007-6628P4MEDIUMCVSS 5.0≤ 0.1.152008-01-04
CVE-2007-6628 [MEDIUM] CVE-2007-6628: LScube Feng 0.1.15 and earlier allows remote attackers to cause a denial of service (NULL dereferenc
LScube Feng 0.1.15 and earlier allows remote attackers to cause a denial of service (NULL dereference and daemon crash) via (1) a malformed Transport header, which triggers misparsing in parse_transport_header in RTSP_setup.c, as demonstrated by a Transport header that contains only a "RTP/AVP;unicast;client_port" sequence; or (2) a malformed Range header, wh
nvd