rtpengine: denial of service via DTLS Hello packets during call initiation
Published on Dec 15, 2023 in CVE-2023-51275, rtpengine, denial of service, security advisory
- Fixed versions: mr12.1.1.2, mr12.0.1.3, mr11.5.1.16, mr10.5.6.3, mr10.5.6.2, mr9.5.8.2, mr8.5.12.2
- Enable Security Advisory: https://www.enablesecurity.com/advisories/ES2023-03-rtpengine-dtls-hello-race/
- Vendor Patch: https://github.com/sipwise/rtpengine/commit/e969a79428ac4a15cdf1c0a1c6f266dbdc7e60b6
- Other references: CVE-2023-51275
- Tested vulnerable versions: mr11.5.1.6
- Timeline:
  - Report date: 2023-10-02
  - Triaged: 2023-10-02
  - Fix provided for testing: 2023-11-16
  - Enable Security verified fix: 2023-12-14
  - Vendor release with fix: 2023-12-14
  - Enable Security advisory: 2023-12-15
TL;DR
When handling DTLS-SRTP for media setup, RTPEngine is susceptible to denial of service due to a race condition in the hello handshake phase of the DTLS protocol. The attack can be repeated continuously, denying new DTLS-encrypted calls for as long as it lasts.
…