CVE-2007-6628
Last modified
CVE-2007-6628 is a vulnerability of currently unknown severity. LScube Feng 0.1.15 and earlier allows remote attackers to cause a denial of service (NULL dereference and daemon crash) via (1) a malformed Transport header, which triggers misparsing in parse_transport_header in RTSP_setup.c, as demonstrated by a Transport header that contains only a "RTP/AVP;unicast;client_port" sequence; or (2) a malformed Range header, which triggers misparsing in parse_play_time_range in RTSP_Play, as demonstrated by an empty Range header.. EPSS estimates a 2.14% chance of exploitation in the next 30 days.
Description
LScube Feng 0.1.15 and earlier allows remote attackers to cause a denial of service (NULL dereference and daemon crash) via (1) a malformed Transport header, which triggers misparsing in parse_transport_header in RTSP_setup.c, as demonstrated by a Transport header that contains only a "RTP/AVP;unicast;client_port" sequence; or (2) a malformed Range header, which triggers misparsing in parse_play_time_range in RTSP_Play, as demonstrated by an empty Range header.
Metrics
Affected Software
| Vendor | Product | Versions |
|---|---|---|
| Feng | Feng | <= 0.1.15 |
References
Timeline
- Published
- Last Modified
- Status
- Modified
Frequently Asked Questions
What is CVE-2007-6628?
How severe is CVE-2007-6628?
How do I fix CVE-2007-6628?
Are you affected by CVE-2007-6628?
Run a free Strix scan to check your systems for this vulnerability.
Scan your code nowSource: NVD / NIST