CVE-2020-6095

NameCVE-2020-6095
DescriptionAn exploitable denial of service vulnerability exists in the GstRTSPAuth functionality of GStreamer/gst-rtsp-server 1.14.5. A specially crafted RTSP setup request can cause a null pointer deference resulting in denial-of-service. An attacker can send a malicious packet to trigger this vulnerability.
SourceCVE (at NVD; CERT, LWN, oss-sec, fulldisc, bugtraq, EDB, Metasploit, Red Hat, Ubuntu, Gentoo, SUSE bugzilla/CVE, Mageia, GitHub advisories/code/issues, web search, more)

Vulnerable and fixed packages

The table below lists information on source packages.

Source PackageReleaseVersionStatus
gst-rtsp-server1.0 (PTS)buster1.14.4-1vulnerable
bullseye1.18.4-2fixed
bookworm, sid1.22.0-2fixed

The information below is based on the following data on fixed versions.

PackageTypeReleaseFixed VersionUrgencyOriginDebian Bugs
gst-rtsp-server1.0source(unstable)1.16.2-3low

Notes

[buster] - gst-rtsp-server1.0 <no-dsa> (Minor issue)
[stretch] - gst-rtsp-server1.0 <no-dsa> (Minor issue)
https://talosintelligence.com/vulnerability_reports/TALOS-2020-1018
https://gitlab.freedesktop.org/gstreamer/gst-rtsp-server/-/commit/44ccca3086dd81081d72ca0b21d0ecdde962fb1a
Search for package or bug name: Reporting problems