Headline
CVE-2022-40016: [Report] server UAF when client send poc message · Issue #235 · ireader/media-server
Use After Free (UAF) vulnerability in ireader media-server before commit 3e0f63f1d3553f75c7d4eb32fa7c7a1976a9ff84 in librtmp, allows attackers to cause a denial of service.
Firstly, make the librtmp RELEASE to avoid it exit early because of assert.
And then, run the rtmp server using test with command test -c rtmp_server_forward_aio_test 127.0.0.1 1935
After server run, push flow to server with something like ffmpeg -re -i source.flv -c copy -f flv -y rtmp://localhost/live/livestream
Finally, send poc message to server with command python3 sender.py 127.0.0.1 1935 poc. The attachment is script and poc file.
After send the poc message, the server execute an UAF and finally crash.