Published: 10/06/2020 Updated: 04/03/2021

CVSS v2 Base Score: 5 | Impact Score: 2.9 | Exploitability Score: 10

CVSS v3 Base Score: 7.5 | Impact Score: 3.6 | Exploitability Score: 3.9

VMScore: 445

Vector: AV:N/AC:L/Au:N/C:N/I:N/A:P

An issue exists in janus-gateway (aka Janus WebRTC Server) up to and including 0.10.0. janus_sdp_preparse in sdp.c has a NULL pointer dereference.

Vulnerable Product	Search on Vulmon	Subscribe to Product
meetecho janus

Debian Bug report logs - #962680 janus: CVE-2020-13898 CVE-2020-13899 CVE-2020-13900 CVE-2020-13901 Package: src:janus; Maintainer for src:janus is Debian VoIP Team <pkg-voip-maintainers@listsaliothdebianorg>; Reported by: Salvatore Bonaccorso <carnil@debianorg> Date: Thu, 11 Jun 2020 20:54:02 UTC Severity: grave ...

🔓 Vulnerability Research and Proof of Concept exploits for Janus WebRTC

Janus WebRTC Janus is an open source, general purpose, WebRTC server designed and developed by Meetecho This version of the server is tailored for Linux systems, although it can be compiled for, and installed on, MacOS machines as well Windows is not supported, but if that's a requirement, Janus is known to work in the "Windows Subsystem for Linux" on Windows 1

CWE-476 https://github.com/meetecho/janus-gateway/blob/v0.10.0/sdp.c#L74 https://github.com/meetecho/janus-gateway/blob/v0.10.0/sdp.c#L64 https://github.com/meetecho/janus-gateway/pull/2214 https://github.com/merrychap/poc_exploits/tree/master/janus-webrtc/CVE-2020-13900 https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=962680 https://nvd.nist.gov https://github.com/merrychap/POC-janus-webrtc

CVE-2020-13900

Vulnerability Summary

Vulnerability Trend

Vendor Advisories

Github Repositories

References

Vulmon Search

About

Products

Connect