Vendor: RTSP for iOS
By: Luis Martinez
CVSS: 5.5 (MEDIUM)
Type: Denial of Service (DoS), Local
CWE:
Product Name: RTSP for iOS
Affected Version From: 1
Affected Version To: 1
Patch Exists: NO
Related CWE:
CPE:
Platforms Tested: iPhone 7 iOS 13.5.1
Year: 2020
RTSP for iOS 1.0 – ‘IP Address’ Denial of Service (PoC)
The RTSP for iOS 1.0 application is vulnerable to a denial of service (DoS) attack. By sending a specially crafted request, an attacker can crash the application, resulting in a denial of service condition. The vulnerability exists in the 'IP Address' field of the application. To exploit it, an attacker needs to provide a large amount of data (450 bytes) as the value for the 'IP Address' field; the application then crashes when the user interacts with that field. The proof-of-concept (PoC) code demonstrates the vulnerability by generating a buffer of 450 'A' characters and printing it to the console.
Mitigation:
The vendor has not provided any specific mitigation or remediation steps for this vulnerability. It is recommended to avoid using the RTSP for iOS 1.0 application or to update to a newer version if available.
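For developers of similar apps, the following added example (not from the advisory or the vendor) shows a length-and-format check applied to an 'IP Address' field before the value reaches any other code. The advisory does not state the root cause of the crash, so this is a general input check rather than a fix for this product; `validate_ip_field` and the status names are hypothetical.

```c
#include <arpa/inet.h>
#include <netinet/in.h>
#include <stdio.h>
#include <string.h>

/* Longest textual IPv6 address; INET6_ADDRSTRLEN counts the trailing NUL. */
#define IP_FIELD_MAX ((size_t)INET6_ADDRSTRLEN - 1)

typedef enum { IP_OK_V4, IP_OK_V6, IP_EMPTY, IP_TOO_LONG, IP_INVALID } ip_field_status;

/* Hypothetical helper: validate the raw bytes typed or pasted into an
 * 'IP Address' field. `input` need not be NUL-terminated; `len` is the
 * byte count reported by the UI layer. */
ip_field_status validate_ip_field(const char *input, size_t len)
{
    char buf[INET6_ADDRSTRLEN];
    unsigned char addr[sizeof(struct in6_addr)];

    if (input == NULL || len == 0)
        return IP_EMPTY;
    /* Reject oversized input before it is copied or parsed anywhere. */
    if (len > IP_FIELD_MAX)
        return IP_TOO_LONG;
    /* An embedded NUL would make the parser see a shorter string. */
    if (memchr(input, '\0', len) != NULL)
        return IP_INVALID;

    memcpy(buf, input, len);   /* safe: len <= IP_FIELD_MAX < sizeof buf */
    buf[len] = '\0';

    if (inet_pton(AF_INET, buf, addr) == 1)
        return IP_OK_V4;
    if (inet_pton(AF_INET6, buf, addr) == 1)
        return IP_OK_V6;
    return IP_INVALID;
}

int main(void)
{
    char oversized[450];       /* constructed input: the size the advisory cites */
    memset(oversized, 'A', sizeof oversized);
    printf("450 x 'A'    -> %d\n", validate_ip_field(oversized, sizeof oversized));
    printf("192.168.1.10 -> %d\n", validate_ip_field("192.168.1.10", 12));
    return 0;
}
```

Because Objective-C is a superset of C, a check like this can be called from an iOS text-field handler; limiting the field's accepted length in the UI as well keeps oversized pastes from being stored in the first place.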