Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
N/A
Vulnerability Description
In Sipwise rtpengine before 13.4.1.1, an origin-validation error in the endpoint-learning logic of the media-relay core allows remote attackers to inject or intercept RTP/SRTP media streams via RTP packets (except when the relay is configured for strict source and learning disabled). Version 13.4.1.1 fixes the heuristic mode by limiting exposure to the first five packets, and introduces a recrypt flag that fully prevents SRTP attacks when both mitigations are enabled.
CVSS Information
N/A
Vulnerability Type
源验证错误
Vulnerability Title
rtpengine 访问控制错误漏洞
Vulnerability Description
rtpengine是Sipwise开源的一个媒体代理软件。 rtpengine 13.4.1.1之前版本存在访问控制错误漏洞,该漏洞源于端点学习逻辑存在源验证错误,可能导致RTP/SRTP媒体流注入或拦截。
CVSS Information
N/A
Vulnerability Type
N/A