How severe is CVE-2019-6256?

This vulnerability has a severity rating of CRITICAL with a CVSS score of 9.8 out of 10.

What type of vulnerability is CVE-2019-6256?

This is classified as CWE-755, which is a common weakness in software security.

CVE-2019-6256 - CRITICAL Severity | CVSS 9.8

Vulnerability Description

A Denial of Service issue was discovered in the LIVE555 Streaming Media libraries as used in Live555 Media Server 0.93. It can cause an RTSPServer crash in handleHTTPCmd_TunnelingPOST, when RTSP-over-HTTP tunneling is supported, via x-sessioncookie HTTP headers in a GET request and a POST request within the same TCP session. This occurs because of a call to an incorrect virtual function pointer in the readSocket function in GroupsockHelper.cpp.

Related Vulnerabilities

CVE-2009-5043

CRITICAL

CVSS:9.8(Critical)

burn allows file names to escape via mishandled quotation marks

CWE-7552009

CVE-2017-2877

CRITICAL

CVSS:9.8(Critical)

A missing error check exists in the Multi-Camera interface used by the Foscam C1 Indoor HD Camera running application firmware 2.52.2.43. A specially crafted request on port 10001 could allow an attac...

CWE-7552017

CVE-2017-5638

CRITICAL

CVSS:9.8(Critical)

The Jakarta Multipart parser in Apache Struts 2 2.3.x before 2.3.32 and 2.5.x before 2.5.10.1 has incorrect exception handling and error-message generation during file-upload attempts, which allows re...

CWE-7552017

CVE-2018-19991

CRITICAL

CVSS:9.8(Critical)

VeryNginx 0.3.3 allows remote attackers to bypass the Web Application Firewall feature because there is no error handler (for get_uri_args or get_post_args) to block the API misuse described in CVE-20...

CWE-7552018

CVE-2019-12815

CRITICAL

CVSS:9.8(Critical)

An arbitrary file copy vulnerability in mod_copy in ProFTPD up to 1.3.5b allows for remote code execution and information disclosure without authentication, a related issue to CVE-2015-3306.

CWE-7552019

CVE-2019-14431

CRITICAL

CVSS:9.8(Critical)

In MatrixSSL 3.8.3 Open through 4.2.1 Open, the DTLS server mishandles incoming network messages leading to a heap-based buffer overflow of up to 256 bytes and possible Remote Code Execution in parseS...

CWE-7552019