PT-2026-56199 · Red Hat · Red Hat Enterprise Linux 10+4

Publicado

2026-07-07

·

Atualizado

2026-07-07

·

CVE-2026-14935

CVSS v3.1

3.7

Baixa

VetorAV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N
A logic vulnerability was found in GStreamer's webrtcbin component. The check sdp crypto() function contains an inverted boolean condition that causes it to accept remote SDP offers or answers that lack the required a=fingerprint attribute, while incorrectly rejecting those that include it. An attacker with the ability to intercept and modify WebRTC signaling messages could exploit this to bypass the SDP-level DTLS certificate fingerprint binding, weakening defenses against man-in-the-middle attacks on media streams.

Correção

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾

Enumeração de Fraquezas

Identificadores relacionados

CVE-2026-14935

Produtos afetados

Red Hat Enterprise Linux 10
Red Hat Enterprise Linux 6
Red Hat Enterprise Linux 7
Red Hat Enterprise Linux 8
Red Hat Enterprise Linux 9