Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
N/A
Vulnerability Description
webserver.c in mt-dappd in Firefly Media Server 0.2.4 and earlier allows remote attackers to cause a denial of service (NULL dereference and daemon crash) via a stats method action to /xml-rpc with (1) an empty Authorization header line, which triggers a crash in the ws_decodepassword function; or (2) a header line without a ':' character, which triggers a crash in the ws_getheaders function.
CVSS Information
N/A
Vulnerability Type
N/A
Vulnerability Title
Firefly媒体服务器空指针引用漏洞
Vulnerability Description
Firefly是Roku SoundBridge和iTunes所使用的开源媒体服务器。 Firefly在处理畸形文件时存在漏洞,远程攻击者可能利用此漏洞导致服务器崩溃。 在Firefly的webserver.c文件中,ws_getheaders函数的631行存在空指针引用漏洞。如果文件头中的某行(非第一行)不包含"':"的话,就会触发这个漏洞,因为strsep(&last, ':')会对变量last分配NULL,然后代码试图引用last: strsep(&last,":"); if(last==first
CVSS Information
N/A
Vulnerability Type
N/A