CVE-2020-6095: 
NixOS vulnerability analysis and mitigation

An exploitable denial of service vulnerability (CVE-2020-6095) was discovered in the GstRTSPAuth functionality of GStreamer/gst-rtsp-server 1.14.5. The vulnerability was identified in March 2020 and affects the RTSP server library based on GStreamer. A specially crafted RTSP setup request can cause a null pointer dereference, resulting in denial-of-service (Talos Report, NVD).

The vulnerability exists in the GstRTSPAuth object of GStreamer/gst-rtsp-server library. The issue occurs when an attacker sends a crafted RTSP setup request using Basic Authentication with an excessively long Authorization header (>4000 chars). The rtsp-auth module fails to check the validity of the credential->authorization value, instead passing a null value as key to look up in the priv->basic hash table. This results in a null pointer dereference when the g_str_hash function attempts to process the null value. The vulnerability has been assigned a CVSSv3 score of 7.5 (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H) (Talos Report).

When successfully exploited, this vulnerability can cause the RTSP server to crash with a Segmentation Fault, resulting in a denial of service condition. The attack can be triggered remotely by sending malicious packets to the affected server (Talos Report).

The vulnerability has been fixed in subsequent releases of GStreamer RTSP Server. Users are advised to upgrade to version 1.16.2 or later. Various Linux distributions have also released security updates to address this vulnerability, including OpenSUSE (openSUSE-SU-2020:0535-1) and Gentoo (GLSA 202009-05) (Gentoo Advisory, OpenSUSE Advisory).