CVE-2020-13899

EUVD-2020-6107
An issue was discovered in janus-gateway (aka Janus WebRTC Server) through 0.10.0. janus_process_incoming_request in janus.c discloses information from uninitialized stack memory.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
7.5 HIGH
NETWORK
LOW
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Base Score
CVSS 3.x
EPSS Score
Percentile: 63%
Affected Products (NVD)
VendorProductVersion
meetechojanus
0.9.0 ≤
𝑥
≤ 0.10.0
𝑥
= Vulnerable software versions
Debian logo
Debian Releases
Debian Product
Codename
janus
bookworm
1.1.2-1
fixed
sid
1.1.2-1
fixed
Ubuntu logo
Ubuntu Releases
Ubuntu Product
Codename
janus
bionic
needed
eoan
ignored
focal
needed
groovy
ignored
hirsute
ignored
impish
ignored
jammy
needed
kinetic
ignored
lunar
ignored
mantic
ignored
noble
needed
trusty
dne
xenial
dne
Common Weakness Enumeration
References
https://github.com/meetecho/janus-gateway/blob/v0.10.0/janus.c#L1326
https://github.com/meetecho/janus-gateway/pull/2214
https://github.com/merrychap/poc_exploits/tree/master/janus-webrtc/CVE-2020-13899
https://github.com/meetecho/janus-gateway/blob/v0.10.0/janus.c#L1326
https://github.com/meetecho/janus-gateway/pull/2214
https://github.com/merrychap/poc_exploits/tree/master/janus-webrtc/CVE-2020-13899