Severity by source
AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Remote unauthenticated peer triggers the overflow during handshake with no user interaction (AV:N/AC:L/PR:N/UI:N); impact is a crash only, so C:N/I:N/A:H.
Primary rating from Vendor (redhat).
CVSS VectorVendor: redhat
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Lifecycle Timeline
2DescriptionCVE.org
A stack buffer overflow vulnerability was found in GStreamer's DTLS plugin. During a DTLS handshake, the peer certificate Subject Distinguished Name is printed into a fixed-size 2048-byte stack buffer without bounds checking. A remote unauthenticated attacker can send a certificate with an oversized Subject DN that exceeds the buffer, causing a stack buffer overflow and process crash, resulting in denial of service.
AnalysisAI
Denial of service in GStreamer's DTLS plugin allows a remote unauthenticated attacker to crash any application that performs a DTLS handshake (notably WebRTC/webrtcbin pipelines) by presenting a TLS certificate with an oversized Subject Distinguished Name. The Subject DN is written into a fixed 2048-byte stack buffer with no bounds checking (CWE-121), and overflowing it corrupts the stack and terminates the process. …
Unlock full vulnerability intelligence
- Risk assessment & exploitation conditions
- Attack chain visualization
- Remediation with exact patch versions
- Threat intelligence from 22 sources
- Personal watchlist & email alerts
Free forever · No credit card required
Attack ChainAIDerived
Hypothetical attack flow derived from CVE metadata
Vulnerability AssessmentAI
| Exploitation | Exploitation requires that the target application actually run the GStreamer DTLS plugin and perform a DTLS handshake with an attacker-controlled peer - i.e., a WebRTC/DTLS-terminating deployment (webrtcbin/dtls elements) reachable by the attacker. … Additional conditions and limiting factors are described in the full assessment. |
| Risk Assessment | The signals are consistent and point to a genuine but bounded (availability-only) risk. … Full risk analysis with EPSS, KEV, and SSVC signal comparison available after sign-in. |
| Exploit Scenario | An attacker points a malicious DTLS/WebRTC peer at a GStreamer-based media endpoint (for example a webrtcbin-powered conferencing SFU) and initiates a handshake, presenting a certificate whose Subject Distinguished Name is padded well beyond 2048 bytes. When the DTLS plugin formats the DN into its fixed stack buffer, the overflow corrupts the stack and crashes the media process, dropping all active sessions. … |
| Remediation | Upstream fix available (PR/commit); released patched version not independently confirmed - apply the GStreamer security update once your distribution ships it. … Detailed patch versions, workarounds, and compensating controls in full report. |
Recommended ActionAI
Within 24 hours: Inventory all applications and services using GStreamer DTLS plugin, particularly WebRTC deployments. …
Sign in for detailed remediation steps and compensating controls.
Threat intelligence, references, and detailed analysis are available after sign-in.
More in Red Hat Enterprise Linux 10
View allRemote code execution in Cockpit's web interface allows unauthenticated attackers to execute arbitrary commands on the h
Remote code execution in Samba's printing subsystem allows remote attackers to inject arbitrary shell commands via craft
Remote code execution and privilege escalation in HPLIP (HP Linux Imaging and Printing) affects the hpcups print filter
HTTP request smuggling in Undertow (the embedded web server underpinning JBoss EAP, Red Hat Data Grid, and Apache Camel
HTTP request smuggling in Red Hat Undertow allows remote unauthenticated attackers to bypass front-end security controls
Out-of-bounds read in the GnuTLS DTLS handshake reassembly logic lets remote unauthenticated attackers trigger an intege
HTTP request smuggling in Undertow allows remote unauthenticated attackers to send `\r\r\r` as a header block terminator
Denial of service in Red Hat / 389 Directory Server (389-ds-base, versions since ~1.3.2/2013) allows an authenticated LD
Local-to-domain-wide root privilege escalation in SSSD's LDAP sudo provider allows an authenticated LDAP directory user
Heap buffer overflow in GStreamer's librfb (RFB/VNC client) allows a malicious VNC server to corrupt heap memory on a co
Information disclosure and denial of service in GnuTLS (libgnutls) let a remote, unauthenticated attacker trigger a heap
Remote denial-of-service in libssh 0.11.x and earlier allows unauthenticated attackers to crash SSH server daemon proces
Same weakness CWE-121 – Stack-based Buffer Overflow
View allSame technique Buffer Overflow
View allShare
External POC / Exploit Code
Leaving vuln.today
EUVD-2026-42570
GHSA-f48p-mg4r-fhww