Buffer overflow in Realnetworks Helix_mobile_server

CVE-2010-4596

Stack-based buffer overflow in RealNetworks Helix Server 12.x, 13.x, and 14.x before 14.2, and Helix Mobile Server 12.x, 13.x, and 14.x before 14.2, allows remote attackers to execute arbitrary code via a long string in an RTSP request.

Vulnerability class: Buffer Overflow

EPSS: 0.058 (90.7th percentile) — read the EPSS interpretation.

Affected products

Realnetworks Helix_mobile_server — versions 12.0, 13.1.1, 14.0.0
Realnetworks Helix_server — versions 12.0.0, 12.0.1, 13.0.0
N/a — versions n/a

Weakness classification (CWE)

CWE-119 — Improper Restriction of Operations within the Bounds of a Memory Buffer

References

cve@mitre.org (x_refsource_CONFIRM, Vendor Advisory)
47109 (vdb-entry, x_refsource_BID)
20110331 RealNetworks Helix DNA Server RTSP Stack Buffer Overflow (x_refsource_IDEFENSE, third-party-advisory)