CVE-2020-13899

Опубликовано: 10 июн. 2020

Источник: nvd

CVSS3: 7.5

CVSS2: 5

EPSS Низкий

Описание

An issue was discovered in janus-gateway (aka Janus WebRTC Server) through 0.10.0. janus_process_incoming_request in janus.c discloses information from uninitialized stack memory.

Ссылки

https://github.com/meetecho/janus-gateway/blob/v0.10.0/janus.c#L1326
Third Party Advisory
https://github.com/meetecho/janus-gateway/pull/2214
Patch
Third Party Advisory
https://github.com/merrychap/poc_exploits/tree/master/janus-webrtc/CVE-2020-13899
Exploit
Third Party Advisory
https://github.com/meetecho/janus-gateway/blob/v0.10.0/janus.c#L1326
Third Party Advisory
https://github.com/meetecho/janus-gateway/pull/2214
Patch
Third Party Advisory
https://github.com/merrychap/poc_exploits/tree/master/janus-webrtc/CVE-2020-13899
Exploit
Third Party Advisory

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:meetecho:janus:*:*:*:*:*:*:*:*

Версия от 0.9.0 (включая) до 0.10.0 (включая)

EPSS

Процентиль: 63%

0.00452

Низкий

7.5 High

CVSS3

5 Medium

CVSS2

Дефекты

CWE-908

Связанные уязвимости

CVE-2020-13899

CVSS3: 7.5

ubuntu

больше 5 лет назад

An issue was discovered in janus-gateway (aka Janus WebRTC Server) through 0.10.0. janus_process_incoming_request in janus.c discloses information from uninitialized stack memory.

CVE-2020-13899

CVSS3: 7.5

debian

больше 5 лет назад

An issue was discovered in janus-gateway (aka Janus WebRTC Server) thr ...

GHSA-x6c3-mvjq-f4mg

github

больше 3 лет назад

An issue was discovered in janus-gateway (aka Janus WebRTC Server) through 0.10.0. janus_process_incoming_request in janus.c discloses information from uninitialized stack memory.

EPSS

Процентиль: 63%

0.00452

Низкий

7.5 High

CVSS3

5 Medium

CVSS2

Дефекты

CWE-908