Skip to main content

GStreamer CVE-2026-59692

| EUVDEUVD-2026-42570 HIGH
Stack-based Buffer Overflow (CWE-121)
2026-07-09 redhat GHSA-f48p-mg4r-fhww
7.5
CVSS 3.1 · Vendor: redhat
Share

Severity by source

Vendor (redhat) PRIMARY
7.5 HIGH
AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
vuln.today AI
7.5 HIGH

Remote unauthenticated peer triggers the overflow during handshake with no user interaction (AV:N/AC:L/PR:N/UI:N); impact is a crash only, so C:N/I:N/A:H.

3.1 AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
4.0 AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N

Primary rating from Vendor (redhat).

CVSS VectorVendor: redhat

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Attack Vector
Network
Attack Complexity
Low
Privileges Required
None
User Interaction
None
Scope
Unchanged
Confidentiality
None
Integrity
None
Availability
High

Lifecycle Timeline

2
Analysis Generated
Jul 09, 2026 - 11:22 vuln.today
CVE Published
Jul 09, 2026 - 09:35 nvd
HIGH 7.5

DescriptionCVE.org

A stack buffer overflow vulnerability was found in GStreamer's DTLS plugin. During a DTLS handshake, the peer certificate Subject Distinguished Name is printed into a fixed-size 2048-byte stack buffer without bounds checking. A remote unauthenticated attacker can send a certificate with an oversized Subject DN that exceeds the buffer, causing a stack buffer overflow and process crash, resulting in denial of service.

AnalysisAI

Denial of service in GStreamer's DTLS plugin allows a remote unauthenticated attacker to crash any application that performs a DTLS handshake (notably WebRTC/webrtcbin pipelines) by presenting a TLS certificate with an oversized Subject Distinguished Name. The Subject DN is written into a fixed 2048-byte stack buffer with no bounds checking (CWE-121), and overflowing it corrupts the stack and terminates the process. …

Unlock full vulnerability intelligence

  • Risk assessment & exploitation conditions
  • Attack chain visualization
  • Remediation with exact patch versions
  • Threat intelligence from 22 sources
  • Personal watchlist & email alerts

Free forever · No credit card required

Attack ChainAIDerived

Hypothetical attack flow derived from CVE metadata

Access
Reach DTLS-enabled GStreamer endpoint
Delivery
Initiate DTLS handshake as peer
Exploit
Present certificate with oversized Subject DN
Execution
DN copied into 2048-byte stack buffer
Persist
Stack buffer overflow corrupts memory
Impact
Media process crashes (denial of service)

Vulnerability AssessmentAI

Exploitation Exploitation requires that the target application actually run the GStreamer DTLS plugin and perform a DTLS handshake with an attacker-controlled peer - i.e., a WebRTC/DTLS-terminating deployment (webrtcbin/dtls elements) reachable by the attacker. … Additional conditions and limiting factors are described in the full assessment.
Risk Assessment The signals are consistent and point to a genuine but bounded (availability-only) risk. … Full risk analysis with EPSS, KEV, and SSVC signal comparison available after sign-in.
Exploit Scenario An attacker points a malicious DTLS/WebRTC peer at a GStreamer-based media endpoint (for example a webrtcbin-powered conferencing SFU) and initiates a handshake, presenting a certificate whose Subject Distinguished Name is padded well beyond 2048 bytes. When the DTLS plugin formats the DN into its fixed stack buffer, the overflow corrupts the stack and crashes the media process, dropping all active sessions. …
Remediation Upstream fix available (PR/commit); released patched version not independently confirmed - apply the GStreamer security update once your distribution ships it. … Detailed patch versions, workarounds, and compensating controls in full report.

Recommended ActionAI

Within 24 hours: Inventory all applications and services using GStreamer DTLS plugin, particularly WebRTC deployments. …

Sign in for detailed remediation steps and compensating controls.

Threat intelligence, references, and detailed analysis are available after sign-in.

CVE-2026-4631 CRITICAL POC
9.8 Apr 07

Remote code execution in Cockpit's web interface allows unauthenticated attackers to execute arbitrary commands on the h

CVE-2026-4480 CRITICAL POC
9.0 May 26

Remote code execution in Samba's printing subsystem allows remote attackers to inject arbitrary shell commands via craft

CVE-2026-14544 CRITICAL
9.8 Jul 03

Remote code execution and privilege escalation in HPLIP (HP Linux Imaging and Printing) affects the hpcups print filter

CVE-2026-28369 CRITICAL
9.1 Mar 27

HTTP request smuggling in Undertow (the embedded web server underpinning JBoss EAP, Red Hat Data Grid, and Apache Camel

CVE-2026-28368 CRITICAL
9.1 Mar 27

HTTP request smuggling in Red Hat Undertow allows remote unauthenticated attackers to bypass front-end security controls

CVE-2026-33845 CRITICAL
9.1 Apr 30

Out-of-bounds read in the GnuTLS DTLS handshake reassembly logic lets remote unauthenticated attackers trigger an intege

CVE-2026-28367 CRITICAL
9.1 Mar 27

HTTP request smuggling in Undertow allows remote unauthenticated attackers to send `\r\r\r` as a header block terminator

CVE-2026-11610 HIGH
8.8 Jul 07

Denial of service in Red Hat / 389 Directory Server (389-ds-base, versions since ~1.3.2/2013) allows an authenticated LD

CVE-2026-14474 HIGH
8.8 Jul 07

Local-to-domain-wide root privilege escalation in SSSD's LDAP sudo provider allows an authenticated LDAP directory user

CVE-2026-52720 HIGH
8.8 Jun 15

Heap buffer overflow in GStreamer's librfb (RFB/VNC client) allows a malicious VNC server to corrupt heap memory on a co

CVE-2026-5260 HIGH
8.2 May 26

Information disclosure and denial of service in GnuTLS (libgnutls) let a remote, unauthenticated attacker trigger a heap

CVE-2026-0966 HIGH
8.2 Mar 26

Remote denial-of-service in libssh 0.11.x and earlier allows unauthenticated attackers to crash SSH server daemon proces

Share

CVE-2026-59692 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy