MidnightBSD

Advisories for webrtc_project

CVE-2016-1975 MEDIUM

Multiple race conditions in dom/media/systemservices/CamerasChild.cpp in the WebRTC implementation in Mozilla Firefox before 45.0 on Windows might allow remote attackers to cause a denial of service (memory corruption) or possibly have unspecified other impact via unknown vectors.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-362

Products Affected

Vendor Product Version
mozilla firefox *
webrtc_project webrtc -

CVE-2016-1976 MEDIUM

Use-after-free vulnerability in the DesktopDisplayDevice class in the WebRTC implementation in Mozilla Firefox before 45.0 on Windows might allow remote attackers to cause a denial of service or possibly have unspecified other impact via unknown vectors.

CVSS 2.0

Severity: MEDIUM

Problem Type: NVD-CWE-Other

Products Affected

Vendor Product Version
mozilla firefox *
webrtc_project webrtc -

CVE-2021-28681 MEDIUM

Pion WebRTC before 3.0.15 didn't properly tear down the DTLS Connection when certificate verification failed. The PeerConnectionState was set to failed, but a user could ignore that and continue to use the PeerConnection. (A WebRTC implementation shouldn't allow the user to continue if verification has failed.)

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 5.3 MEDIUM CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N 3.9 1.4

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-863

Products Affected

Vendor Product Version
webrtc_project webrtc *

CVE-2022-2294

Heap buffer overflow in WebRTC in Google Chrome prior to 103.0.5060.114 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page.

Products Affected

Vendor Product Version
apple mac_os_x 10.15.7
webrtc_project webrtc -
apple tvos *
google chrome *
apple iphone_os *
fedoraproject extra_packages_for_enterprise_linux 8.0
wpewebkit wpe_webkit *
fedoraproject fedora 36
apple mac_os_x *
webkitgtk webkitgtk *
fedoraproject fedora 35
apple macos *
apple ipados *
apple watchos *