CVE-2026-57879
Published: 26 June 2026
Summary
CVE-2026-57879 is a critical-severity Stack-based Buffer Overflow (CWE-121) vulnerability in Com (inferred from references). Its CVSS base score is 9.8 (Critical).
Operationally, exploitation aligns with the MITRE ATT&CK technique Exploit Public-Facing Application (T1190). The CVE ranks at the 40.9th percentile by exploit likelihood (below the median) and is not currently listed in the CISA KEV catalog.
EU & UK References
- 🇪🇺 ENISA EUVD: EUVD-2026-39635
Vulnerability details
An unauthenticated stack-based buffer overflow vulnerability exists in ssvr in GeoVision GV-LPC2011 and GV-LPC2211 V1.12 and earlier. The vulnerability is caused by insufficient bounds checking when processing RTSP custom authentication data. A remote attacker may exploit this vulnerability by sending a crafted RTSP request, resulting in memory corruption, denial of service, or potentially arbitrary code execution.
- CWE(s)
Related Threats
MITRE ATT&CK Enterprise Techniques
Why these techniques?
Unauthenticated remote stack buffer overflow in public-facing RTSP service directly enables initial access via exploitation of a public-facing application.
Affected Assets
Mitigating Controls
No mitigating controls mapped yet. The per-CVE control annotator has not reached this CVE.
Hardening callouts derived
Configuration rules from DISA STIG baselines that reduce the attack surface for weaknesses of the type cited by this CVE. Derived transitively via CVE→CWE→STIG over `controls_xwalks` (authoritative rows only).
Oracle Linux 8 (1 rule)
- V-248594: OL 8 must implement address space layout randomization (ASLR) to protect its memory from unauthorized code execution (via CWE-121).
Oracle Linux 9 (1 rule)
- V-271452: OL 9 must use a Linux Security Module configured to enforce limits on system services (via CWE-121).