Critical severity9.8NVD Advisory· Published Jun 8, 2017· Updated May 13, 2026
CVE-2017-5878
CVE-2017-5878
Description
The AMF unmarshallers in Red5 Media Server before 1.0.8 do not restrict the classes for which it performs deserialization, which allows remote attackers to execute arbitrary code via crafted serialized Java data.
Patches
0No patches discovered yet.
Vulnerability mechanics
AI mechanics synthesis has not run for this CVE yet.
References
2- www.openwall.com/lists/oss-security/2017/05/22/2nvdMailing ListThird Party Advisory
- www.github.com/mbechler/marshalsec/blob/master/marshalsec.pdfnvdThird Party Advisory
News mentions
0No linked articles in our index yet.