The source project of this merge request has been removed.

gstrtspconnection: Security loophole making heap overflow

Merged Tobias Ronge requested to merge (removed):fix-sec into master Mar 14, 2019

The former code allowed an attacker to create a heap overflow by sending a longer than allowed session id in a response and including a semicolon to change the maximum length. With this change, the parser will never go beyond 512 bytes.
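A bounded copy of the kind the description calls for, as an added example that is not code from this merge request or from GStreamer. The function name, the buffer constant and the inputs are assumptions constructed for illustration; only the 512-byte size comes from the description.

```c
#include <stddef.h>
#include <string.h>

/* Assumed buffer size, taken from the 512-byte limit in the description. */
#define SESSION_ID_BUF 512

/* Hypothetical helper (not a GStreamer function): copy the session id part
 * of an RTSP "Session" header value, i.e. the text before any ';'
 * parameter, into dst. Returns bytes stored, excluding the NUL. */
size_t copy_session_id(char *dst, const char *value)
{
    const size_t cap = SESSION_ID_BUF - 1;   /* leave room for the NUL */
    size_t len = 0;

    /* The cap is part of the loop condition, so a ';' found past the
     * end of the buffer can never raise the copy length above cap. */
    while (len < cap && value[len] != '\0' && value[len] != ';')
        len++;

    memcpy(dst, value, len);
    dst[len] = '\0';
    return len;
}

/* Constructed inputs: returns 0 when every case behaves as expected. */
int session_id_selfcheck(void)
{
    char guarded[SESSION_ID_BUF + 8];   /* 8 canary bytes after the buffer */
    char big[700];

    memset(guarded, 0x5A, sizeof guarded);
    if (copy_session_id(guarded, "12345678;timeout=60") != 8) return 1;
    if (strcmp(guarded, "12345678") != 0) return 2;

    /* 600 characters first, then the ';' (constructed oversized value). */
    memset(big, 'A', 600);
    strcpy(big + 600, ";timeout=60");
    if (copy_session_id(guarded, big) != SESSION_ID_BUF - 1) return 3;
    if (guarded[SESSION_ID_BUF - 1] != '\0') return 4;
    for (size_t i = SESSION_ID_BUF; i < sizeof guarded; i++)
        if (guarded[i] != 0x5A) return 5;   /* canary overwritten */
    return 0;
}

int main(void) { return session_id_selfcheck(); }
```

The self-check places canary bytes directly after the 512-byte region, so a write past the limit shows up as a non-zero return value.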

Source branch: fix-sec