Vulnerability Details CVE-2020-13899
An issue was discovered in janus-gateway (aka Janus WebRTC Server) through 0.10.0. janus_process_incoming_request in janus.c discloses information from uninitialized stack memory.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.005
EPSS Ranking 62.8%
CVSS Severity
CVSS v3 Score 7.5
CVSS v2 Score 5.0
References
- https://github.com/meetecho/janus-gateway/blob/v0.10.0/janus.c#L1326
- https://github.com/meetecho/janus-gateway/pull/2214
- https://github.com/merrychap/poc_exploits/tree/master/janus-webrtc/CVE-2020-13899
- https://github.com/meetecho/janus-gateway/blob/v0.10.0/janus.c#L1326
- https://github.com/meetecho/janus-gateway/pull/2214
- https://github.com/merrychap/poc_exploits/tree/master/janus-webrtc/CVE-2020-13899
Products affected by CVE-2020-13899
-
cpe:2.3:a:meetecho:janus:0.10.0
-
cpe:2.3:a:meetecho:janus:0.9.0
-
cpe:2.3:a:meetecho:janus:0.9.1
-
cpe:2.3:a:meetecho:janus:0.9.2
-
cpe:2.3:a:meetecho:janus:0.9.3
-
cpe:2.3:a:meetecho:janus:0.9.4
-
cpe:2.3:a:meetecho:janus:0.9.5