In Live555 0.95, a setup packet can cause a memory leak leading to DoS because, when there are multiple instances of a single field (username, realm, nonce, uri, or response), only the last instance can ever be freed.
Source: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2019-7732
Reference (s):
- https://github.com/rgaufman/live555/issues/20