What is CVE-2023-34105?

CVE-2023-34105 is a high-severity vulnerability in Ossrs Srs, classified under OS Command Injection. CVSS score: 7.5/10. Published 2023-06-12.

How severe is CVE-2023-34105?

High severity. CVSS v3 base score is 7.5 out of 10.

Is CVE-2023-34105 known to be exploited?

3 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.

RCE in Ossrs Srs

CVE-2023-34105

SRS is a real-time video server supporting RTMP, WebRTC, HLS, HTTP-FLV, SRT, MPEG-DASH, and GB28181. Prior to versions 5.0.157, 5.0-b1, and 6.0.48, SRS's `api-server` server is vulnerable to a drive-by command injection. An attacker may se…

Vulnerability class: Command Injection (OS Command Injection)

EPSS: 0.855 (99.4th percentile) — read the EPSS interpretation.

CVSS v3 metric

CVSS v3 base score 7.5 (High). Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H.

Affected products

Ossrs Srs — versions >= 5.0.137, < 5.0.157, >= 6.0.18, < 6.0.48, < 5.0-b1

Weakness classification (CWE)

CWE-78 — OS Command Injection

Public proof-of-concept exploits

References

https://github.com/ossrs/srs/security/advisories/GHSA-vpr5-779c-cx62 (x_refsource_CONFIRM)
https://github.com/ossrs/srs/commit/1d878c2daaf913ad01c6d0bc2f247116c8050338 (x_refsource_MISC)
https://github.com/ossrs/srs/blob/1d11d02e4b82fc3f37e4b048cff483b1581482c1/trunk/research/api-server/server.go#L761 (x_refsource_MISC)

Frequently asked questions

What is CVE-2023-34105?: CVE-2023-34105 is a high-severity vulnerability in Ossrs Srs, classified under OS Command Injection. CVSS score: 7.5/10. Published 2023-06-12.
How severe is CVE-2023-34105?: High severity. CVSS v3 base score is 7.5 out of 10.
Is CVE-2023-34105 known to be exploited?: 3 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.