
gstrtspconnection: Security loophole making heap overflow

Tobias Ronge requested to merge (removed):fix-sec into master

The former code allowed an attacker to create a heap overflow by sending a longer than allowed session id in a response and including a semicolon to change the maximum length. With this change, the parser will never go beyond 512 bytes.
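The bounded parse this description calls for, as an added example that is not taken from the merge request or from GStreamer's source. The function name `copy_session_id`, the macro `SESSION_ID_BUF` and the sample header values are assumptions made for illustration; only the 512-byte limit comes from the description.

```c
#include <stdio.h>
#include <string.h>

/* 512 is the limit named in the merge request description; one byte of it
 * holds the terminator. */
#define SESSION_ID_BUF 512

/* Hypothetical helper (not GStreamer's function): store the session id from
 * a Session header value in dst, dropping any ";attribute" suffix and
 * whitespace before it. Returns the stored length, terminator excluded.
 *
 * The flaw described above comes from starting with a limit of
 * SESSION_ID_BUF - 1 and then overwriting it with the offset of ';', which
 * the peer controls. Here the scan itself stops at the buffer limit, so a
 * ';' beyond it is never reached. */
size_t copy_session_id(char dst[SESSION_ID_BUF], const char *value)
{
    const size_t maxlen = SESSION_ID_BUF - 1;
    size_t len = 0;

    /* len ends up as min(offset of ';', strlen(value), maxlen). */
    while (len < maxlen && value[len] != '\0' && value[len] != ';')
        len++;
    /* Trim blanks between the id and the attribute separator. */
    while (len > 0 && (value[len - 1] == ' ' || value[len - 1] == '\t'))
        len--;

    memcpy(dst, value, len);
    dst[len] = '\0';
    return len;
}

int main(void)
{
    char dst[SESSION_ID_BUF];
    char oversized[1100];            /* constructed input: ';' at offset 1000 */

    memset(oversized, 'A', 1000);
    strcpy(oversized + 1000, ";timeout=60");

    printf("%zu\n", copy_session_id(dst, "abc123;timeout=60"));
    printf("%zu\n", copy_session_id(dst, oversized));
    return 0;
}
```

A regression test for this class of bug should always include a value whose semicolon sits past the buffer size, since that is the case a length derived from the separator position gets wrong.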
