CVE-2021-38381: 
NixOS vulnerability analysis and mitigation

CVE-2021-38381 is a vulnerability discovered in Live555 software versions through 1.08. The vulnerability was disclosed on August 10, 2021, and affects the handling of MPEG-1 or 2 files in the software. The issue specifically occurs when sending two successive RTSP SETUP commands for the same track, which can trigger a Use-After-Free condition and cause the daemon to crash (NVD, CVE).

The vulnerability is classified as a Use-After-Free (CWE-416) issue. It has been assigned a CVSS v3.1 Base Score of 6.5 (Medium) with the vector string CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H. The vulnerability specifically manifests when handling MPEG-1 or 2 files, where successive RTSP SETUP commands for the same track lead to improper memory management (NVD).

When exploited, this vulnerability can cause the Live555 daemon to crash, resulting in a denial of service condition. The impact is primarily focused on availability, with no direct impact on confidentiality or integrity of the system (NVD).

The vulnerability was fixed in Live555 version 2021.08.09. Users are advised to upgrade to this or a later version to mitigate the issue. The fix was documented in the official changelog (Live555 Changelog).