Security News > 2022 > March > Critical Bugs Reported in Popular Open Source PJSIP SIP and Media Stack
"Buffers used in PJSIP typically have limited sizes, especially the ones allocated in the stack or supplied by the application, however in several places, we do not check if our usage can exceed the sizes," PJSIP's developer Sauw Ming noted in an advisory posted on GitHub last month, a scenario that could result in buffer overflows.
CVE-2021-43299 - Stack overflow in PJSUA API when calling pjsua player create().
CVE-2021-43300 - Stack overflow in PJSUA API when calling pjsua recorder create().
CVE-2021-43301 - Stack overflow in PJSUA API when calling pjsua playlist create().
CVE-2021-43302 - Read out-of-bounds in PJSUA API when calling pjsua recorder create().
CVE-2021-43303 - Buffer overflow in PJSUA API when calling pjsua call dump().
News URL
https://thehackernews.com/2022/03/critical-bugs-reported-in-popular-open.html
Related Vulnerability
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2022-02-16 | CVE-2021-43303 | Classic Buffer Overflow vulnerability in multiple products Buffer overflow in PJSUA API when calling pjsua_call_dump. | 9.8 |
| 2022-02-16 | CVE-2021-43302 | Out-of-bounds Read vulnerability in multiple products Read out-of-bounds in PJSUA API when calling pjsua_recorder_create. | 9.1 |
| 2022-02-16 | CVE-2021-43301 | Stack-based Buffer Overflow vulnerability in multiple products Stack overflow in PJSUA API when calling pjsua_playlist_create. | 9.8 |
| 2022-02-16 | CVE-2021-43300 | Stack-based Buffer Overflow vulnerability in multiple products Stack overflow in PJSUA API when calling pjsua_recorder_create. | 9.8 |
| 2022-02-16 | CVE-2021-43299 | Stack-based Buffer Overflow vulnerability in multiple products Stack overflow in PJSUA API when calling pjsua_player_create. | 9.8 |