Critical Bugs Reported in Popular Open Source PJSIP SIP and Media Stack
2022-03-01 23:10

"Buffers used in PJSIP typically have limited sizes, especially the ones allocated in the stack or supplied by the application, however in several places, we do not check if our usage can exceed the sizes," PJSIP's developer Sauw Ming noted in an advisory posted on GitHub last month, a scenario that could result in buffer overflows.

CVE-2021-43299 - Stack overflow in PJSUA API when calling pjsua_player_create().

CVE-2021-43300 - Stack overflow in PJSUA API when calling pjsua_recorder_create().

CVE-2021-43301 - Stack overflow in PJSUA API when calling pjsua_playlist_create().

CVE-2021-43302 - Read out-of-bounds in PJSUA API when calling pjsua_recorder_create().

CVE-2021-43303 - Buffer overflow in PJSUA API when calling pjsua_call_dump().


News URL

https://thehackernews.com/2022/03/critical-bugs-reported-in-popular-open.html

Related vendor

VENDOR LAST 12M #/PRODUCTS LOW MEDIUM HIGH CRITICAL TOTAL VULNS
Pjsip 2 0 0 2 5 7