CVE-2021-28899 – This vulnerability in LIVE555 Streaming Media a... (How to Fix)

Q: What is the severity of CVE-2021-28899?

CVE-2021-28899 has a CVSS score of 7.5 (HIGH). This vulnerability in LIVE555 Streaming Media allows remote attackers to cause a denial-of-service (DoS) or potentially execute arbitrary code via specially crafted audio streams. It affects systems using LIVE555 for streaming media services before version 2021.3.16.

📋 TL;DR

This vulnerability in LIVE555 Streaming Media allows remote attackers to cause a denial-of-service (DoS) or potentially execute arbitrary code via specially crafted audio streams. It affects systems using LIVE555 for streaming media services before version 2021.3.16.

💻 Affected Systems

Products:

LIVE555 Streaming Media

Versions: All versions before 2021.3.16

Operating Systems: All platforms running LIVE555

Default Config Vulnerable: ⚠️ Yes

Notes: Affects AC3AudioFileServerMediaSubsession, ADTSAudioFileServerMediaSubsession, and AMRAudioFileServerMediaSubsessionLive OnDemandServerMediaSubsession subclasses

📦 What is this software?

Streaming Media by Live555

View all CVEs affecting Streaming Media →

⚠️ Risk & Real-World Impact

🔴

Worst Case

Remote code execution leading to complete system compromise and data exfiltration

🟠

Likely Case

Service crash causing denial-of-service for streaming applications

🟢

If Mitigated

Limited impact with proper network segmentation and minimal privileges

🌐 Internet-Facing: HIGH - Exploitable remotely without authentication via streaming endpoints

🏢 Internal Only: MEDIUM - Requires access to internal streaming services

🎯 Exploit Status

Public PoC: ✅ No

Weaponized: UNKNOWN

Unauthenticated Exploit: ⚠️ Yes

Complexity: MEDIUM

Vulnerability requires sending specially crafted audio streams to vulnerable endpoints

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: 2021.3.16

Vendor Advisory: http://lists.live555.com/pipermail/live-devel/2021-March/021891.html

Restart Required: Yes

Instructions:

1. Download LIVE555 version 2021.3.16 or later from live555.com 2. Replace existing installation with patched version 3. Recompile any custom applications using LIVE555 libraries 4. Restart streaming services

🔧 Temporary Workarounds

Network Segmentation

linux

Restrict access to LIVE555 streaming endpoints to trusted networks only

iptables -A INPUT -p tcp --dport [LIVE555_PORT] -s [TRUSTED_NETWORK] -j ACCEPT
iptables -A INPUT -p tcp --dport [LIVE555_PORT] -j DROP

Input Validation

all

Implement proxy/filter to validate audio streams before reaching LIVE555

🧯 If You Can't Patch

Implement strict network access controls to limit exposure
Monitor for abnormal streaming traffic patterns and service crashes

🔍 How to Verify

Check if Vulnerable:

Check LIVE555 version: grep 'LIVE555_VERSION' in source files or check installed package version

Check Version:

strings /path/to/live555/binaries | grep LIVE555_VERSION

Verify Fix Applied:

Confirm version is 2021.3.16 or later and test with valid audio streams

📡 Detection & Monitoring

Log Indicators:

Unexpected service crashes
Memory access violation errors
Abnormal audio stream processing errors

Network Indicators:

Unusual audio stream patterns to LIVE555 ports
Multiple connection attempts with malformed audio data

SIEM Query:

source="*live555*" AND (error OR crash OR "access violation")

📊 Metadata

CVE ID: CVE-2021-28899

CVSS v3 Score: 7.5 (HIGH)

CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Published: April 29, 2021

Last Updated: November 21, 2024

🔗 References

http://lists.live555.com/pipermail/live-devel/2021-March/021891.html Mailing List,Vendor Advisory
http://lists.live555.com/pipermail/live-devel/2021-March/021891.html Mailing List,Vendor Advisory

📤 Share & Export

📄 Export Markdown 📋 Export JSON