Bug 1218755 (CVE-2023-37117)

Summary:	VUL-0: CVE-2023-37117: A heap-use-after-free vulnerability was found in live555 version 2023.05.10 while handling the SETUP.
Product:	[openSUSE] openSUSE Distribution	Reporter:	SMASH SMASH <smash_bz>
Component:	Security	Assignee:	Security Team bot <security-team>
Status:	NEW ---	QA Contact:	Security Team bot <security-team>
Severity:	Normal
Priority:	P3 - Medium	CC:	qydwhotmail, stoyan.manolov
Version:	Leap 15.6
Target Milestone:	---
Hardware:	Other
OS:	Other
URL:	https://smash.suse.de/issue/391001/
Whiteboard:
Found By:	Security Response Team	Services Priority:
Business Priority:		Blocker:	---
Marketing QA Status:	---	IT Deployment:	---

Description SMASH SMASH 2024-01-12 08:11:49 UTC

A heap-use-after-free vulnerability was found in live555 version 2023.05.10 while handling the SETUP.

References:
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-37117
https://www.cve.org/CVERecord?id=CVE-2023-37117
http://lists.live555.com/pipermail/live-devel/2023-June/022331.html
http://www.live555.com/liveMedia/public/changelog.txt

Comment 1 Stoyan Manolov 2024-01-12 08:13:05 UTC

OpenSUSE:Factory is affected

Comment 2 Takashi Iwai 2024-01-17 15:03:00 UTC

The update to the latest version 2023.11.30 was submitted to TW.