脆弱性情報
高度な大規模言語モデル技術を使用していますが、出力には不正確または古い情報が含まれる可能性があります。Shenlongはデータの正確性を確保するよう努めていますが、実際の状況に基づいて検証・判断してください。
脆弱性タイトル
GeoVision GeoWebPlayer Websocket Server out-of-bounds read vulnerability
脆弱性説明
GeoWebPlayer (also called "Web Plugin" in the GV-VMS documentation and "WS Player" for VMS-Cloud) is an addon that can be installed with various GeoVision software (GV-VMS, GV-Cloud, ...). It creates a websocket server that expands the capabilities of the various web-interfaces provided by the GeoVision software and may be necessary for them to function properly. The Websocket server can accept various commands coming from localhost. Many of the commands will take an `index` value that is then used to access various arrays to enter critical sections, perform various actions via function calls, etc. However the `index` value is usually not checked for valid range, and as such it can be used to access multiple arrays out-of-bound. #### setStream command index-out-of-bound
CVSS情報
CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H
脆弱性タイプ
对数组索引的验证不恰当
脆弱性タイトル
GeoVision GeoWebPlayer 输入验证错误漏洞
脆弱性説明
GeoVision GeoWebPlayer是中国GeoVision公司的一款媒体设备的语音视频功能模块。 GeoVision GeoWebPlayer V1.1.1.0版本存在输入验证错误漏洞,该漏洞源于setStream命令对index值未进行有效范围检查,可能导致越界访问多个数组。
CVSS情報
N/A
脆弱性タイプ
N/A