CyberSec.Space Logo
Back to CVE Browser

CVE-2021-43300

CRITICAL
9.8
CVSS Severity Score
EPSS Score0.1900%
EPSS Percentile6.92th
PublishedFeb 16, 2022
Last ModifiedNov 4, 2025

Vulnerability Description

Stack overflow in PJSUA API when calling pjsua_recorder_create. An attacker-controlled 'filename' argument may cause a buffer overflow since it is copied to a fixed-size stack buffer without any size validation.

Affected Platforms (CPE)

πŸ“¦
Teluu

Pjsip

<= 2.11.1
πŸ’»
Debian

Debian Linux

= 9.0
πŸ’»
Debian

Debian Linux

= 10.0
πŸ’»
Debian

Debian Linux

= 11.0

References & Advisories

πŸ”— https://github.com/pjsip/pjproject/security/advisories/GHSA-qcvw-h34v-c7r9
πŸ”— https://lists.debian.org/debian-lts-announce/2022/03/msg00035.html
πŸ”— https://lists.debian.org/debian-lts-announce/2022/11/msg00021.html
πŸ”— https://lists.debian.org/debian-lts-announce/2023/08/msg00038.html
πŸ”— https://www.debian.org/security/2022/dsa-5285
πŸ”— https://github.com/pjsip/pjproject/security/advisories/GHSA-qcvw-h34v-c7r9
πŸ”— https://lists.debian.org/debian-lts-announce/2022/03/msg00035.html
πŸ”— https://lists.debian.org/debian-lts-announce/2022/11/msg00021.html

Related Vulnerabilities

CVE-2015-20039.8

The PJSIP PJSUA2 SDK before SVN Changeset 51322 for Android might allow attackers to execute arbitrary code by leveraging a finali...

CVE-2017-168729.8

An issue was discovered in Teluu pjproject (pjlib and pjlib-util) in PJSIP before 2.7.1. Parsing the numeric header fields in a SI...

CVE-2021-438458.2

PJSIP is a free and open source multimedia communication library. In version 2.11.1 and prior, if incoming RTCP XR message contain...

CVE-2014-84137.5

The res_pjsip_acl module in Asterisk Open Source 12.x before 12.7.1 and 13.x before 13.0.1 does not properly create and load ACLs ...