Description
A stack buffer overflow vulnerability was found in GStreamer's DTLS plugin. During a DTLS handshake, the peer certificate Subject Distinguished Name is printed into a fixed-size 2048-byte stack buffer without bounds checking. A remote unauthenticated attacker can send a certificate with an oversized Subject DN that exceeds the buffer, causing a stack buffer overflow and process crash, resulting in denial of service.
Published: 2026-07-09
Score: 7.5 High
EPSS: n/a
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Analysis and contextual insights are available on OpenCVE Cloud.

Remediation

Vendor Workaround

There is no complete mitigation for this vulnerability. The following measures can reduce risk: 1. If WebRTC/DTLS functionality is not required, remove the DTLS plugin shared object from the GStreamer plugins directory (typically /usr/lib64/gstreamer-1.0/libgstdtls.so). 2. Restrict network access to WebRTC/DTLS endpoints to trusted peers only via firewall rules. 3. Deploy GStreamer WebRTC services behind a reverse proxy or media server that validates DTLS certificates before forwarding.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

History

Thu, 09 Jul 2026 15:30:00 +0000

Type Values Removed Values Added
Metrics ssvc

{'options': {'Automatable': 'yes', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}


Thu, 09 Jul 2026 12:15:00 +0000

Type Values Removed Values Added
References
Metrics threat_severity

None

threat_severity

Important


Thu, 09 Jul 2026 10:45:00 +0000

Type Values Removed Values Added
Description A stack buffer overflow vulnerability was found in GStreamer's DTLS plugin. During a DTLS handshake, the peer certificate Subject Distinguished Name is printed into a fixed-size 2048-byte stack buffer without bounds checking. A remote unauthenticated attacker can send a certificate with an oversized Subject DN that exceeds the buffer, causing a stack buffer overflow and process crash, resulting in denial of service.
Title Gstreamer: gstreamer: dtls certificate subject dn stack buffer overflow in openssl_verify_callback
First Time appeared Redhat
Redhat enterprise Linux
Weaknesses CWE-121
CPEs cpe:/o:redhat:enterprise_linux:10
cpe:/o:redhat:enterprise_linux:6
cpe:/o:redhat:enterprise_linux:7
cpe:/o:redhat:enterprise_linux:8
cpe:/o:redhat:enterprise_linux:9
Vendors & Products Redhat
Redhat enterprise Linux
References
Metrics cvssV3_1

{'score': 7.5, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H'}


Subscriptions

Redhat Enterprise Linux
cve-icon MITRE

Status: PUBLISHED

Assigner: redhat

Published:

Updated: 2026-07-09T14:39:16.678Z

Reserved: 2026-07-06T13:40:46.923Z

Link: CVE-2026-59692

cve-icon Vulnrichment

Updated: 2026-07-09T13:33:52.278Z

cve-icon NVD

No data.

cve-icon Redhat

Severity : Important

Publid Date: 2026-07-08T00:00:00Z

Links: CVE-2026-59692 - Bugzilla

cve-icon OpenCVE Enrichment

No data.

Weaknesses