HTB23129: FireFly Media Server Multiple Remote DoS Vulnerabilities

Multiple security vulnerabilities (HTB23126) were found in FireFly Media Server version 1.0.0.1359.

Multiple NULL pointer dereference vulnerabilities in FireFly Media Server

The vulnerability exists due to improper handling of the HTTP CONNECTION, header within the "firefly.exe" binary file. A remote attacker can send a specially crafted packet to 9999/TCP port (FireFly's server default port) with improper CONNECTION header value, leading to a NULL pointer dereference that will cause vulnerable server to crash immediately.

The vulnerability exists due to improper handling of the ACCEPT-LANGUAGE, USER-AGENT and HOST HTTP header parameters within the "firefly.exe" binary file. A remote attacker can send a specially crafted packet to port 9999/TCP with a malformed header containing a control character of return carriage ("\r\n") that will cause a NULL pointer dereference and immediate termination of the vulnerable server.

The vulnerability exists due to improper handling of the HTTP POST and GET methods within the "firefly.exe" binary file. A remote attacker can send a specially crafted packet to 9999/TCP port with an improper HTTP POST or GET request containing an erroneous HTTP protocol version, or one or more control characters of return carriage ("\r\n") leading to a NULL pointer dereference that will cause the vulnerable server to crash immediately.

Source: High-Tech Bridge Advisory HTB23129 - FireFly Media Server Multiple Remote DoS vulnerabilities.