Prevent out-of-bounds read in PJSIP
CVE-2021-43845

8.2HIGH

Key Information:

Vendor: Pjsip
Status: Pjproject
Vendor: CVE Published:; 27 December 2021

What is CVE-2021-43845?

PJSIP is a free and open source multimedia communication library. In version 2.11.1 and prior, if incoming RTCP XR message contain block, the data field is not checked against the received packet size, potentially resulting in an out-of-bound read access. This affects all users that use PJMEDIA and RTCP XR. A malicious actor can send a RTCP XR message with an invalid packet size.

Affected Version(s)

pjproject <= 2.11.1

References

https://github.com/pjsip/pjproject/security/advisories/GH...

https://github.com/pjsip/pjproject/pull/2924

https://github.com/pjsip/pjproject/commit/f74c1fc22b760d2...

CVSS V3.1

Score:

8.2

Severity:

HIGH

Confidentiality:

High

Integrity:

None

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Dec 27, 2021
Vulnerability Reserved
Nov 16, 2021

CVE-2021-43845 Data

JSON

Pjsip

What is CVE-2021-43845?

Affected Version(s)

References

CVSS V3.1

Timeline