CVE-2020-13898 : Security Advisory and Response

An issue was discovered in janus-gateway (aka Janus WebRTC Server) through 0.10.0. janus_sdp_process in sdp.c has a NULL pointer dereference.

Understanding CVE-2020-13898

This CVE involves a vulnerability in janus-gateway that can lead to a NULL pointer dereference.

What is CVE-2020-13898?

The vulnerability in janus-gateway through version 0.10.0 allows attackers to trigger a NULL pointer dereference in the janus_sdp_process function in sdp.c.

The Impact of CVE-2020-13898

The NULL pointer dereference issue can potentially lead to a denial of service (DoS) condition or other forms of exploitation by malicious actors.

Technical Details of CVE-2020-13898

This section provides more in-depth technical details about the CVE.

Vulnerability Description

The vulnerability involves a NULL pointer dereference in the janus_sdp_process function within the sdp.c file of janus-gateway.

Affected Systems and Versions

Product: janus-gateway (Janus WebRTC Server)
Versions affected: up to and including 0.10.0

Exploitation Mechanism

Attackers can exploit this vulnerability by crafting specific requests to trigger the NULL pointer dereference in the janus_sdp_process function.

Mitigation and Prevention

To address CVE-2020-13898, follow these mitigation strategies:

Immediate Steps to Take

Update janus-gateway to a version that includes a patch for the NULL pointer dereference vulnerability.
Monitor network traffic for any signs of exploitation attempts targeting this vulnerability.

Long-Term Security Practices

Regularly update and patch software to prevent known vulnerabilities from being exploited.
Implement network security measures to detect and block malicious traffic targeting vulnerable systems.

Patching and Updates

Stay informed about security updates for janus-gateway and promptly apply patches to mitigate the risk of exploitation.