Vulnerabilities > Feng > Feng

DATE CVE VULNERABILITY TITLE RISK
2008-01-04 CVE-2007-6630 Remote Buffer Overflow and Denial of Service vulnerability in Feng
The Url_init function in utils/url.c in Netembryo 0.0.4, when used by LScube Feng, allows remote attackers to cause a denial of service (NULL dereference and daemon crash) via a malformed URI containing a "/:" sequence, as demonstrated by a "DESCRIBE /: RTSP/1.0" request.
network
low complexity
feng
5.0
2008-01-04 CVE-2007-6629 Remote Buffer Overflow and Denial of Service vulnerability in Feng
Interpretation conflict in LScube Feng 0.1.15 and earlier allows remote attackers to cause a denial of service (NULL dereference and daemon crash) via a User-Agent header line that contains a carriage-return character, which is considered a line delimiter when the header is split into individual lines, but not when log_user_agent in RTSP_utils.c parses the content of the User-Agent line.
network
low complexity
feng
5.0
2008-01-04 CVE-2007-6628 Remote Buffer Overflow and Denial of Service vulnerability in Feng
LScube Feng 0.1.15 and earlier allows remote attackers to cause a denial of service (NULL dereference and daemon crash) via (1) a malformed Transport header, which triggers misparsing in parse_transport_header in RTSP_setup.c, as demonstrated by a Transport header that contains only a "RTP/AVP;unicast;client_port" sequence; or (2) a malformed Range header, which triggers misparsing in parse_play_time_range in RTSP_Play, as demonstrated by an empty Range header.
network
low complexity
feng
5.0
2008-01-04 CVE-2007-6627 Numeric Errors vulnerability in Feng
Integer overflow in the RTSP_remove_msg function in RTSP_lowlevel.c in LScube Feng 0.1.15 and earlier allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via an RTP packet with a size value of 0xffff.
network
low complexity
feng CWE-189
7.5
2008-01-04 CVE-2007-6626 Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Feng
Multiple buffer overflows in the RTSP_valid_response_msg function in RTSP_state_machine.c in LScube Feng 0.1.15 and earlier allow remote attackers to execute arbitrary code via (1) a long first line of a response, as demonstrated by a long VER line; or (2) a long second line of a response, as demonstrated by a message that follows a RETURN line.
network
low complexity
feng CWE-119
7.5