Security Advisory 2024-0004 (CVE-2024-44331)
Details
A series of specially crafted client requests during streaming setup (after client authentication, if any) can cause the RTSP server library to abort if it has been compiled with assertions enabled.

Impact
A malicious RTSP client can potentially trigger a crash/abort of the RTSP server application if it has been compiled with assertions enabled. There is no risk of code execution or memory manipulation.

Solution
The gst-rtsp-server 1.24.9 release (and the git main branch) addresses the issue. People using older branches of GStreamer should apply the patch and recompile.

References
The GStreamer project
CVE Database Entries
GStreamer releases
1.24 (current stable)
Patches