Vulnerabilities > CVE-2020-13899 - Use of Uninitialized Resource vulnerability in Meetecho Janus
Attack vector
NETWORK Attack complexity
LOW Privileges required
NONE Confidentiality impact
HIGH Integrity impact
NONE Availability impact
NONE Summary
An issue was discovered in janus-gateway (aka Janus WebRTC Server) through 0.10.0. janus_process_incoming_request in janus.c discloses information from uninitialized stack memory.
Vulnerable Configurations
Part | Description | Count |
---|---|---|
Application | 7 |
Common Weakness Enumeration (CWE)
References
- https://github.com/meetecho/janus-gateway/blob/v0.10.0/janus.c#L1326
- https://github.com/meetecho/janus-gateway/pull/2214
- https://github.com/merrychap/poc_exploits/tree/master/janus-webrtc/CVE-2020-13899
- https://github.com/meetecho/janus-gateway/blob/v0.10.0/janus.c#L1326
- https://github.com/merrychap/poc_exploits/tree/master/janus-webrtc/CVE-2020-13899
- https://github.com/meetecho/janus-gateway/pull/2214