CVE-2020-10575 - OpenCVE

An issue was discovered in Janus through 0.9.1. plugins/janus_videocall.c in the VideoCall plugin mishandles session management because a race condition causes some references to be freed too early or too many times.

Attack Vector Network

Attack Complexity High

Privileges Required None

Scope Unchanged

Confidentiality Impact Low

Integrity Impact Low

Availability Impact None

User Interaction Required

No CVSS v3.0

Access Vector Network

Access Complexity High

Authentication None

Confidentiality Impact Partial

Integrity Impact Partial

Availability Impact None

AV:N/AC:H/Au:N/C:P/I:P/A:N

Vendors & Products
CPE Configurations

Vendors	Products
Meetecho	Janus

Configuration 1 [-]

cpe:2.3:a:meetecho:janus:*:*:*:*:*:*:*:*

References

Link	Resource
https://github.com/meetecho/janus-gateway/pull/1994	Patch Third Party Advisory

History

No history.

MITRE Information

Status: PUBLISHED

Assigner: mitre

Published: 2020-03-14T19:06:58

Updated: 2020-03-14T19:06:58

Reserved: 2020-03-14T00:00:00

Link: CVE-2020-10575

JSON object: View

NVD Information

Status : Analyzed

Published: 2020-03-14T20:15:12.737

Modified: 2020-03-18T14:01:35.950

Link: CVE-2020-10575

JSON object: View

Redhat Information

No data.

CWE

CWE-362

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:meetecho:janus:*:*:*:*:*:*:*:*", "matchCriteriaId": "39BBC28E-B90A-4931-A3EB-02D6A551CE7B", "versionEndIncluding": "0.9.1", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "An issue was discovered in Janus through 0.9.1. plugins/janus_videocall.c in the VideoCall plugin mishandles session management because a race condition causes some references to be freed too early or too many times."}, {"lang": "es", "value": "Se detect\u00f3 un problema en Janus versiones hasta 0.9.1. El archivo plugins/janus_videocall.c en el plugin VideoCall maneja inapropiadamente la administraci\u00f3n de la sesi\u00f3n porque una condici\u00f3n de carrera causa que algunas referencias sean liberadas demasiado pronto o muchas veces."}], "id": "CVE-2020-10575", "lastModified": "2020-03-18T14:01:35.950", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "HIGH", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 4.0, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:H/Au:N/C:P/I:P/A:N", "version": "2.0"}, "exploitabilityScore": 4.9, "impactScore": 4.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": true}], "cvssMetricV31": [{"cvssData": {"attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 4.2, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:N", "version": "3.1"}, "exploitabilityScore": 1.6, "impactScore": 2.5, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2020-03-14T20:15:12.737", "references": [{"source": "cve@mitre.org", "tags": ["Patch", "Third Party Advisory"], "url": "https://github.com/meetecho/janus-gateway/pull/1994"}], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-362"}], "source": "nvd@nist.gov", "type": "Primary"}]}