A vulnerability in Motion allows a remote attacker to cause denial of service.
|Package||media-video/motion on all architectures|
|Affected versions||< 4.3.2|
|Unaffected versions||>= 4.3.2|
Motion is a program that monitors the video signal from one or more cameras and is able to detect motions.
The Motion HTTP server does not correctly perform URL decoding. If the HTTP server receives a request for a URL containing an incomplete percent-encoded character, a flaw in parsing results in an infinite loop trying to parse the rest of the character, which eventually results in a denial of service condition when reading out-of-bounds.
A remote attacker can trigger a denial of service condition in Motion.
There is no known workaround at this time.
All Motion users should upgrade to the latest version:
# emerge --sync # emerge --ask --oneshot --verbose ">=media-video/motion-4.3.2"
August 10, 2022
August 10, 2022: 1