CVE-2020-6095 Common Vulnerabilities and Exposures

Upstream information

CVE-2020-6095 at MITRE

Description

An exploitable denial of service vulnerability exists in the GstRTSPAuth functionality of GStreamer/gst-rtsp-server 1.14.5. A specially crafted RTSP setup request can cause a null pointer deference resulting in denial-of-service. An attacker can send a malicious packet to trigger this vulnerability.

SUSE information

Overall state of this security issue: Resolved

This issue is currently rated as having important severity.

SUSE Bugzilla entry: 1168026 [RESOLVED / FIXED]

SUSE Security Advisories:

openSUSE-SU-2020:0535-1, published Thu Dec 7 12:55:39 2023

List of released packages

Product(s)	Fixed package version(s)	References
SUSE Package Hub 15 SP1	`gstreamer-rtsp-server-devel >= 1.12.5-bp151.4.3.1` `libgstrtspserver-1_0-0 >= 1.12.5-bp151.4.3.1` `typelib-1_0-GstRtspServer-1_0 >= 1.12.5-bp151.4.3.1`	Patchnames: openSUSE-2020-535
openSUSE Leap 15.1	`gstreamer-rtsp-server-devel >= 1.12.5-lp151.3.3.1` `libgstrtspserver-1_0-0 >= 1.12.5-lp151.3.3.1` `typelib-1_0-GstRtspServer-1_0 >= 1.12.5-lp151.3.3.1`	Patchnames: openSUSE-2020-535
openSUSE Tumbleweed	`gstreamer-rtsp-server-devel >= 1.18.5-1.1` `libgstrtspserver-1_0-0 >= 1.18.5-1.1` `typelib-1_0-GstRtspServer-1_0 >= 1.18.5-1.1`	Patchnames: openSUSE-Tumbleweed-2024-10831

SUSE Timeline for this CVE

CVE page created: Sat Mar 28 01:58:30 2020
CVE page last modified: Mon Sep 9 15:43:12 2024