漏洞信息
尽管我们使用了先进的大模型技术,但其输出仍可能包含不准确或过时的信息。神龙努力确保数据的准确性,但请您根据实际情况进行核实和判断。
Vulnerability Title
GeoVision GeoWebPlayer Websocket Server out-of-bounds read vulnerability
Vulnerability Description
GeoWebPlayer (also called "Web Plugin" in the GV-VMS documentation and "WS Player" for VMS-Cloud) is an addon that can be installed with various GeoVision software (GV-VMS, GV-Cloud, ...). It creates a websocket server that expands the capabilities of the various web-interfaces provided by the GeoVision software and may be necessary for them to function properly. The Websocket server can accept various commands coming from localhost. Many of the commands will take an `index` value that is then used to access various arrays to enter critical sections, perform various actions via function calls, etc. However the `index` value is usually not checked for valid range, and as such it can be used to access multiple arrays out-of-bound. #### disconnect command index-out-of-bound
CVSS Information
CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:C/C:H/I:H/A:H
Vulnerability Type
对数组索引的验证不恰当
Vulnerability Title
GeoVision GeoWebPlayer 输入验证错误漏洞
Vulnerability Description
GeoVision GeoWebPlayer是中国GeoVision公司的一款媒体设备的语音视频功能模块。 GeoVision GeoWebPlayer V1.1.1.0版本存在输入验证错误漏洞,该漏洞源于对index值的范围未进行有效验证,可能导致越界访问多个数组。
CVSS Information
N/A
Vulnerability Type
N/A