Motion: Denial of service — GLSA 202208-18

A vulnerability in Motion allows a remote attacker to cause denial of service.

Affected packages

media-video/motion on all architectures
Affected versions < 4.3.2
Unaffected versions >= 4.3.2

Background

Motion is a program that monitors the video signal from one or more cameras and can detect motion.

Description

The Motion HTTP server does not correctly perform URL decoding. When the server receives a request for a URL containing an incomplete percent-encoded character, a parsing flaw sends the decoder into an infinite loop as it tries to parse the rest of the character. The loop eventually reads out of bounds, which results in a denial of service condition.

Impact

A remote attacker can trigger a denial of service condition in Motion.

Workaround

There is no known workaround at this time.

Resolution

All Motion users should upgrade to the latest version:

 # emerge --sync
 # emerge --ask --oneshot --verbose ">=media-video/motion-4.3.2"
 

References

Release date
August 10, 2022

Latest revision
August 10, 2022: 1

Severity
low

Exploitable
remote

Bugzilla entries