CVE-2023-37117

9.8 CRITICAL

📋 TL;DR

A heap use-after-free vulnerability in the live555 media server allows attackers to execute arbitrary code or cause a denial of service by sending specially crafted RTSP SETUP requests. This affects systems running the live555 media streaming server version 2023.05.10 and potentially earlier versions. The vulnerability is remotely exploitable without authentication.

💻 Affected Systems

Products:
  • live555 Media Server
Versions: Version 2023.05.10 and potentially earlier versions
Operating Systems: All platforms running live555 (Linux, Windows, macOS, etc.)
Default Config Vulnerable: ⚠️ Yes
Notes: Any system using live555 for media streaming is vulnerable when handling SETUP requests.


⚠️ Risk & Real-World Impact

🔴 Worst Case: Remote code execution leading to complete system compromise, data theft, or ransomware deployment.

🟠 Likely Case: Denial of service causing media streaming service disruption and potential system crashes.

🟢 If Mitigated: Limited impact with proper network segmentation and exploit prevention controls in place.

🌐 Internet-Facing: HIGH - The vulnerability is remotely exploitable without authentication and affects a media streaming service often exposed to external networks.
🏢 Internal Only: MEDIUM - Still significant risk for internal systems, but network segmentation can reduce attack surface.

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: UNKNOWN
Unauthenticated Exploit: ⚠️ Yes
Complexity: MEDIUM

Heap-use-after-free vulnerabilities typically require some exploit development but are often weaponized once details become public.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Version after 2023.05.10 (check latest release)

Vendor Advisory: http://lists.live555.com/pipermail/live-devel/2023-June/022331.html

Restart Required: Yes

Instructions:

1. Download the latest live555 source from http://www.live555.com/liveMedia/
2. Compile and install according to the platform instructions
3. Restart all live555 services

🔧 Temporary Workarounds

Network Segmentation (linux)

Restrict access to live555 services to trusted networks only. The rules below cover the default RTSP port 554; add matching rules for 8554 if your server listens there, and replace trusted_network with your actual source network (an address or CIDR).

iptables -A INPUT -p tcp --dport 554 -s trusted_network -j ACCEPT
iptables -A INPUT -p tcp --dport 554 -j DROP

Disable Vulnerable Service (linux)

Temporarily disable live555 services until patched. The unit name depends on how live555 was installed on your system; adjust it accordingly.

systemctl stop live555
systemctl disable live555

🧯 If You Can't Patch

  • Implement strict network access controls to limit exposure
  • Deploy intrusion prevention systems with CVE-2023-37117 signatures

🔍 How to Verify

Check if Vulnerable:

Check the live555 version: grep for LIVE555_VERSION in the source tree, or check the version reported by the running service.

Check Version:

./live555ProxyServer -h 2>&1 | grep version

If the binary does not print a version string, check the source code for LIVE555_VERSION instead.

Verify Fix Applied:

Verify version is newer than 2023.05.10 and test SETUP request handling

📡 Detection & Monitoring

Log Indicators:

  • Multiple failed SETUP requests
  • Abnormal memory usage patterns
  • Service crashes or restarts

Network Indicators:

  • Unusual volume of RTSP SETUP requests
  • Traffic from unexpected sources to port 554/8554

SIEM Query:

source="live555.log" AND ("SETUP" OR "crash" OR "segfault")
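As an added example (not code from this advisory or from the live555 project), the following Python check applies the two network indicators above to log lines: it flags a burst of SETUP requests from one source and any SETUP from outside a trusted network. The log line format, the sample lines and the trusted-network list are constructed assumptions, not live555's own output format.

```python
"""Flag SETUP bursts and untrusted SETUP sources in constructed RTSP log lines.

Added example, not from the advisory or live555. The line format
"<ISO timestamp> <src_ip> <RTSP method> <url>" is an assumption.
"""
from collections import defaultdict, deque
from datetime import datetime, timedelta
import ipaddress
import re

# Constructed sample: a normal session from 10.0.0.5, then repeated SETUPs
# from an address outside the trusted range.
SAMPLE_LOG = """\
2024-01-01T10:00:00 10.0.0.5 OPTIONS rtsp://cam/stream
2024-01-01T10:00:01 10.0.0.5 DESCRIBE rtsp://cam/stream
2024-01-01T10:00:02 10.0.0.5 SETUP rtsp://cam/stream/track1
2024-01-01T10:00:03 10.0.0.5 PLAY rtsp://cam/stream
2024-01-01T10:00:10 203.0.113.7 SETUP rtsp://cam/stream/track1
2024-01-01T10:00:10 203.0.113.7 SETUP rtsp://cam/stream/track1
2024-01-01T10:00:11 203.0.113.7 SETUP rtsp://cam/stream/track1
2024-01-01T10:00:11 203.0.113.7 SETUP rtsp://cam/stream/track1
2024-01-01T10:00:12 203.0.113.7 SETUP rtsp://cam/stream/track1
"""

LINE_RE = re.compile(r"^(\S+) (\S+) ([A-Z_]+) (\S+)$")

def parse(line):
    """Return (timestamp, src_ip, method, url) or None for unparseable lines."""
    m = LINE_RE.match(line)
    if not m:
        return None
    ts, ip, method, url = m.groups()
    return datetime.fromisoformat(ts), ip, method, url

def find_setup_alerts(log_text, trusted_nets, window=timedelta(seconds=5), threshold=4):
    """Return (reason, src_ip) alerts. "setup_burst" fires once when a source
    reaches `threshold` SETUPs inside `window`; "untrusted_source" fires once
    for any SETUP from an address outside `trusted_nets`."""
    nets = [ipaddress.ip_network(n) for n in trusted_nets]
    recent = defaultdict(deque)  # per-source sliding window of SETUP timestamps
    alerts = []
    for line in log_text.splitlines():
        rec = parse(line)
        if rec is None or rec[2] != "SETUP":
            continue
        ts, ip, _, _ = rec
        if not any(ipaddress.ip_address(ip) in n for n in nets):
            if ("untrusted_source", ip) not in alerts:
                alerts.append(("untrusted_source", ip))
        q = recent[ip]
        q.append(ts)
        while q and ts - q[0] > window:
            q.popleft()
        if len(q) == threshold:
            alerts.append(("setup_burst", ip))
    return alerts
```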
