janus-gateway is vulnerable to information disclosure. The leakage is possible because the function janus_process_incoming_request
in janus.c causes stack memory leak due to lack of proper handling of error_str
on SDP code.
github.com/meetecho/janus-gateway/blob/v0.10.0/janus.c#L1326
github.com/meetecho/janus-gateway/commit/5b15ded4c3542ccef097da5088d01d977652fe9d
github.com/meetecho/janus-gateway/pull/2214
github.com/merrychap/CVEs/tree/master/CVE-2020-13899
github.com/merrychap/poc_exploits/tree/master/janus-webrtc/CVE-2020-13899