CVE-2019-6256

Priority
Description
A Denial of Service issue was discovered in the LIVE555 Streaming Media
libraries as used in Live555 Media Server 0.93. It can cause an RTSPServer
crash in handleHTTPCmd_TunnelingPOST, when RTSP-over-HTTP tunneling is
supported, via x-sessioncookie HTTP headers in a GET request and a POST
request within the same TCP session. This occurs because of a call to an
incorrect virtual function pointer in the readSocket function in
GroupsockHelper.cpp.
Notes
Package
Upstream:released (2018.11.26-1)
Ubuntu 12.04 ESM (Precise Pangolin):DNE
Ubuntu 14.04 ESM (Trusty Tahr):DNE (trusty was needed)
Ubuntu 16.04 LTS (Xenial Xerus):needed
Ubuntu 18.04 LTS (Bionic Beaver):needed
Ubuntu 19.04 (Disco Dingo):released (2018.11.26-1)
Ubuntu 19.10 (Eoan):released (2018.11.26-1)
More Information

Updated: 2019-10-09 06:54:12 UTC (commit 33aea848a182c0afcd0a3f927a01a7ecd9a061ee)