CVE-2026-59692

Summary

A stack buffer overflow vulnerability was found in GStreamer's DTLS plugin. During a DTLS handshake, the peer certificate Subject Distinguished Name is printed into a fixed-size 2048-byte stack buffer without bounds checking. A remote unauthenticated attacker can send a certificate with an oversized Subject DN that exceeds the buffer, causing a stack buffer overflow and process crash, resulting in denial of service.

Affected Software

VendorProductVersion RangeStatus

Weaknesses

  • CWE-121: Stack-based Buffer Overflow

Workarounds

There is no complete mitigation for this vulnerability. The following measures can reduce risk:

  1. If WebRTC/DTLS functionality is not required, remove the DTLS plugin shared object from the GStreamer plugins directory (typically /usr/lib64/gstreamer-1.0/libgstdtls.so).
  2. Restrict network access to WebRTC/DTLS endpoints to trusted peers only via firewall rules.
  3. Deploy GStreamer WebRTC services behind a reverse proxy or media server that validates DTLS certificates before forwarding.

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: yes
    • Technical Impact: partial

References