CyberSec.Space Logo
返回 CVE 瀏覽器

CVE-2021-43300

CRITICAL
9.8
CVSS Severity Score
EPSS Score0.1900%
EPSS Percentile6.92th
Published2022年2月16日
Last Modified2025年11月4日

Vulnerability Description

Stack overflow in PJSUA API when calling pjsua_recorder_create. An attacker-controlled 'filename' argument may cause a buffer overflow since it is copied to a fixed-size stack buffer without any size validation.

Affected Platforms (CPE)

📦
Teluu

Pjsip

<= 2.11.1
💻
Debian

Debian Linux

= 9.0
💻
Debian

Debian Linux

= 10.0
💻
Debian

Debian Linux

= 11.0

References & Advisories

🔗 https://github.com/pjsip/pjproject/security/advisories/GHSA-qcvw-h34v-c7r9
🔗 https://lists.debian.org/debian-lts-announce/2022/03/msg00035.html
🔗 https://lists.debian.org/debian-lts-announce/2022/11/msg00021.html
🔗 https://lists.debian.org/debian-lts-announce/2023/08/msg00038.html
🔗 https://www.debian.org/security/2022/dsa-5285
🔗 https://github.com/pjsip/pjproject/security/advisories/GHSA-qcvw-h34v-c7r9
🔗 https://lists.debian.org/debian-lts-announce/2022/03/msg00035.html
🔗 https://lists.debian.org/debian-lts-announce/2022/11/msg00021.html

相關漏洞威脅

CVE-2015-20039.8

The PJSIP PJSUA2 SDK before SVN Changeset 51322 for Android might allow attackers to execute arbitrary code by leveraging a finali...

CVE-2017-168729.8

An issue was discovered in Teluu pjproject (pjlib and pjlib-util) in PJSIP before 2.7.1. Parsing the numeric header fields in a SI...

CVE-2021-438458.2

PJSIP is a free and open source multimedia communication library. In version 2.11.1 and prior, if incoming RTCP XR message contain...

CVE-2014-84137.5

The res_pjsip_acl module in Asterisk Open Source 12.x before 12.7.1 and 13.x before 13.0.1 does not properly create and load ACLs ...

CVE-2021-43300 Detail & Impact Analysis | CVSS 9.8 (CRITICAL) | Cyber-Sec.Space | Cyber-Sec.Space