Lucene search
Veracode Vulnerability DatabaseVERACODE:25671HistoryJun 12, 2020 - 7:10 a.m.
Information Disclosure
2020-06-1207:10:45
Veracode Vulnerability Database
sca.analysiscenter.veracode.com
7
EPSS
0.003
Percentile
68.3%
janus-gateway is vulnerable to information disclosure. The leakage is possible because the function janus_process_incoming_request in janus.c causes stack memory leak due to lack of proper handling of error_str on SDP code.
References
github.com/meetecho/janus-gateway/blob/v0.10.0/janus.c#L1326
github.com/meetecho/janus-gateway/commit/5b15ded4c3542ccef097da5088d01d977652fe9d
github.com/meetecho/janus-gateway/pull/2214
github.com/merrychap/CVEs/tree/master/CVE-2020-13899
github.com/merrychap/poc_exploits/tree/master/janus-webrtc/CVE-2020-13899
Related
nvd
nvd
CVE-2020-13899
2020-06-10 22:15:11
osv
osv
CVE-2020-13899
2020-06-10 22:15:11
ubuntucve
ubuntucve
CVE-2020-13899
2020-06-10 00:00:00
prion
prion
Stack overflow
2020-06-10 22:15:00
debiancve
debiancve
CVE-2020-13899
2020-06-10 22:15:11
cvelist
cvelist
CVE-2020-13899
2020-06-10 21:05:17
cve
cve
CVE-2020-13899
2020-06-10 22:15:11