GStreamer RTSP Server: Denial of service — GLSA 202009-05

A vulnerability in GStreamer RTSP Server could lead to a Denial of Service condition.

Affected packages

media-libs/gst-rtsp-server on all architectures
Affected versions < 1.16.2
Unaffected versions >= 1.16.2

Background

RTSP server library based on GStreamer.

Description

It was discovered that GStreamer RTSP Server did not properly handle authentication.

Impact

A remote attacker, by sending specially crafted authentication requests, could possibly cause a Denial of Service condition.

Workaround

There is no known workaround at this time.

Resolution

All GStreamer RTSP Server users should upgrade to the latest version:

 # emerge --sync
 # emerge --ask --oneshot --verbose
 ">=media-libs/gst-rtsp-server-1.16.2"
 

References

Release date
September 13, 2020

Latest revision
September 13, 2020: 1

Severity
normal

Exploitable
local, remote

Bugzilla entries