Security Advisory 2026-0062 (CVE-2026-59692)
|
|
| Summary |
Stack buffer overflow in DTLS certificate verification |
| Date |
2026-07-08 |
| Affected Versions |
GStreamer gst-plugins-bad < 1.28.5 |
| IDs |
GStreamer-SA-2026-0062 CVE-2026-59692 |
Details
A stack buffer overflow vulnerability in the DTLS connection implementation in gst-plugins-bad. The DTLS connection element used a fixed-size stack buffer to store the formatted Subject Distinguished Name (DN) of a peer certificate during DTLS handshake verification. The buffer size was not validated against the actual formatted length of the certificate Subject. A remote DTLS peer can send a certificate with a Subject DN that formats to more than the fixed buffer size, causing a stack-based out-of-bounds write.
Impact
An unauthenticated remote DTLS-SRTP or WebRTC peer can trigger a stack buffer overflow during the DTLS handshake by sending a certificate with an oversized Subject DN. This can result in process crash, data corruption, or potentially arbitrary code execution.
Solution
The gst-plugins-bad 1.28.5 release addresses the issue. People using older
versions of GStreamer should apply the patch and recompile.
References
The GStreamer project
CVE Database Entries
GStreamer 1.28.5 release
Patches