Bugzilla – Bug 1168026
VUL-0: CVE-2020-6095: gstreamer-rtsp-server: denial of service vulnerability in the GstRTSPAuth functionality
Last modified: 2023-08-03 11:41:06 UTC
CVE-2020-6095

An exploitable denial of service vulnerability exists in the GstRTSPAuth functionality of GStreamer/gst-rtsp-server 1.14.5. A specially crafted RTSP setup request can cause a null pointer dereference resulting in denial-of-service. An attacker can send a malicious packet to trigger this vulnerability.

References:
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-6095
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-6095
https://talosintelligence.com/vulnerability_reports/TALOS-2020-1018
Upstream commit: 44ccca3086dd81081d72ca0b21d0ecdde962fb1a

Affected:
openSUSE Tumbleweed
openSUSE Leap 15.1
openSUSE Leap 15.2
Factory sub https://build.opensuse.org/request/show/793763
Maintenance sub https://build.opensuse.org/request/show/793774
Fixed package checked into Factory
Subbed from factory to Leap 15.2 https://build.opensuse.org/request/show/794223
Maintenance acked sub for Sleap 15.1, not yet published though.
Closing as resolved fixed
openSUSE-SU-2020:0535-1: An update that fixes one vulnerability is now available.

Category: security (moderate)
Bug References: 1168026
CVE References: CVE-2020-6095
Sources used:
openSUSE Leap 15.1 (src): gstreamer-rtsp-server-1.12.5-lp151.3.3.1
openSUSE Backports SLE-15-SP1 (src): gstreamer-rtsp-server-1.12.5-bp151.4.3.1