How severe is CVE-2018-4013?

Critical severity. CVSS v3 base score is 10.0 out of 10.

Is CVE-2018-4013 known to be exploited?

7 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.

Vulnerability in Live Networks Live555 Media Server

CVE-2018-4013

An exploitable code execution vulnerability exists in the HTTP packet-parsing functionality of the LIVE555 RTSP server library version 0.92. A specially crafted packet can cause a stack-based buffer overflow, resulting in code execution. A…

EPSS: 0.505 (97.9th percentile) — read the EPSS interpretation.

CVSS v3 metric

CVSS v3 base score 10.0 (Critical). Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H.

Affected products

Live Networks Live555 Media Server — versions Version 0.92

Public proof-of-concept exploits

References

DSA-4343 (vendor-advisory, x_refsource_DEBIAN)
[live-devel] 20181017 New LIVE555 version - fixes a potential vulnerability in the RTSP server implementation (mailing-list, x_refsource_MLIST)
[debian-lts-announce] 20181120 [SECURITY] [DLA 1582-1] liblivemedia security update (mailing-list, x_refsource_MLIST)
GLSA-202005-06 (vendor-advisory, x_refsource_GENTOO)
talosintelligence.com/vulnerability_reports/TALOS-2018-0684 (x_refsource_MISC)

Frequently asked questions

What is CVE-2018-4013?: CVE-2018-4013 is a critical-severity vulnerability in Live Networks Live555 Media Server. CVSS score: 10.0/10. Published 2018-10-19.
How severe is CVE-2018-4013?: Critical severity. CVSS v3 base score is 10.0 out of 10.
Is CVE-2018-4013 known to be exploited?: 7 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.