Vulnerabilities > CVE-2023-38703 - Use After Free vulnerability in Teluu Pjsip

CVSS 9.8 - CRITICAL

Attack vector

NETWORK

Attack complexity

LOW

Privileges required

NONE

Confidentiality impact

HIGH

Integrity impact

HIGH

Availability impact

HIGH

network

low complexity

teluu

CWE-416

critical

NVD

Published: 2023-10-06

Updated: 2023-12-29

Summary

PJSIP is a free and open source multimedia communication library written in C with high level API in C, C++, Java, C#, and Python languages. SRTP is a higher level media transport which is stacked upon a lower level media transport such as UDP and ICE. Currently a higher level transport is not synchronized with its lower level transport that may introduce use-after-free issue. This vulnerability affects applications that have SRTP capability (`PJMEDIA_HAS_SRTP` is set) and use underlying media transport other than UDP. This vulnerability’s impact may range from unexpected application termination to control flow hijack/memory corruption. The patch is available as a commit in the master branch.

Vulnerable Configurations

Part	Description	Count
Application	Teluu Teluu Pjsip 2.0 Teluu Pjsip 2.0.1 Teluu Pjsip 2.1 Teluu Pjsip 2.2 Teluu Pjsip 2.2.1 Teluu Pjsip 2.3 Teluu Pjsip 2.4 Teluu Pjsip 2.4.5 Teluu Pjsip 2.5 Teluu Pjsip 2.5.1 Teluu Pjsip 2.5.5 Teluu Pjsip 2.6 Teluu Pjsip 2.7 Teluu Pjsip 2.7.1 Teluu Pjsip 2.7.2 Teluu Pjsip 2.8 Teluu Pjsip 2.9 Teluu Pjsip 2.10 Teluu Pjsip 2.11 Teluu Pjsip 2.11.1 Teluu Pjsip 2.12 Teluu Pjsip 2.12.1	25

Common Weakness Enumeration (CWE)

CWE-416 - Use After Free

Summary

Vulnerable Configurations

Common Weakness Enumeration (CWE)

References