Critical Bugs Reported in Popular Open Source PJSIP SIP and Media Stack
2022-03-01 23:10

"Buffers used in PJSIP typically have limited sizes, especially the ones allocated in the stack or supplied by the application, however in several places, we do not check if our usage can exceed the sizes," PJSIP's developer Sauw Ming noted in an advisory posted on GitHub last month, a scenario that could result in buffer overflows.

CVE-2021-43299 - Stack overflow in PJSUA API when calling pjsua_player_create().

CVE-2021-43300 - Stack overflow in PJSUA API when calling pjsua_recorder_create().

CVE-2021-43301 - Stack overflow in PJSUA API when calling pjsua_playlist_create().

CVE-2021-43302 - Read out-of-bounds in PJSUA API when calling pjsua_recorder_create().

CVE-2021-43303 - Buffer overflow in PJSUA API when calling pjsua_call_dump().


News URL

https://thehackernews.com/2022/03/critical-bugs-reported-in-popular-open.html

Related Vulnerability

| DATE | CVE | VULNERABILITY TITLE | DESCRIPTION | ATTACK VECTOR | COMPLEXITY | VENDORS | CWE | RISK | SCORE |
|---|---|---|---|---|---|---|---|---|---|
| 2022-02-16 | CVE-2021-43303 | Classic Buffer Overflow vulnerability in multiple products | Buffer overflow in PJSUA API when calling pjsua_call_dump. | network | low complexity | teluu, debian | CWE-120 | critical | 9.8 |
| 2022-02-16 | CVE-2021-43302 | Out-of-bounds Read vulnerability in multiple products | Read out-of-bounds in PJSUA API when calling pjsua_recorder_create. | network | low complexity | teluu, debian | CWE-125 | critical | 9.1 |
| 2022-02-16 | CVE-2021-43301 | Stack-based Buffer Overflow vulnerability in multiple products | Stack overflow in PJSUA API when calling pjsua_playlist_create. | network | low complexity | teluu, debian | CWE-121 | critical | 9.8 |
| 2022-02-16 | CVE-2021-43300 | Stack-based Buffer Overflow vulnerability in multiple products | Stack overflow in PJSUA API when calling pjsua_recorder_create. | network | low complexity | teluu, debian | CWE-121 | critical | 9.8 |
| 2022-02-16 | CVE-2021-43299 | Stack-based Buffer Overflow vulnerability in multiple products | Stack overflow in PJSUA API when calling pjsua_player_create. | network | low complexity | teluu, debian | CWE-121 | critical | 9.8 |

Related vendor

VENDOR LAST 12M #/PRODUCTS LOW MEDIUM HIGH CRITICAL TOTAL VULNS
Pjsip 2 0 0 2 5 7