Full Disclosure mailing list archives

Novel DoS Vulnerability Affecting WebRTC Media Servers

From: Sandro Gauci via Fulldisclosure <fulldisclosure () seclists org>
Date: Wed, 26 Jun 2024 06:59:29 +0200

Dear Colleagues,

We have published a new blog post discussing a novel Denial-of-Service (DoS) vulnerability affecting WebRTC media 
servers.

## Executive summary (TL;DR)

A critical denial-of-service (DoS) vulnerability has been identified in media servers that process WebRTC’s DTLS-SRTP, 
specifically in their handling of ClientHello messages. This vulnerability arises from a race condition between ICE and 
DTLS traffic and can be exploited to disrupt media sessions, compromising the availability of real-time communication 
services. Mitigations include filtering packets based on ICE-validated IP and port combinations. The article also 
indicates safe testing methods and strategies for detecting the attack.

--

You can read the full article here: 
https://www.rtcsec.com/article/novel-dos-vulnerability-affecting-webrtc-media-servers/

Best regards,

--
 
    Sandro Gauci, CEO at Enable Security GmbH

    Register of Companies:       AG Charlottenburg HRB 173016 B
    Company HQ:                       Neuburger Straße 101 b, 94036 Passau, Germany
    RTCSec Newsletter:               https://www.rtcsec.com/subscribe
    Our blog:                                https://www.rtcsec.com
    Other points of contact:       https://www.enablesecurity.com/contact/
_______________________________________________
Sent through the Full Disclosure mailing list
https://nmap.org/mailman/listinfo/fulldisclosure
Web Archives & RSS: https://seclists.org/fulldisclosure/

Current thread:

Novel DoS Vulnerability Affecting WebRTC Media Servers Sandro Gauci via Fulldisclosure (Jul 03)