Описание
PJSIP is a free and open source multimedia communication library. In version 2.11.1 and prior, if incoming RTCP XR message contain block, the data field is not checked against the received packet size, potentially resulting in an out-of-bound read access. This affects all users that use PJMEDIA and RTCP XR. A malicious actor can send a RTCP XR message with an invalid packet size.
Ссылки
- PatchThird Party Advisory
- ExploitIssue TrackingPatchThird Party Advisory
- PatchThird Party Advisory
- Mailing ListThird Party Advisory
- Mailing ListThird Party Advisory
- Third Party Advisory
- Third Party Advisory
- PatchThird Party Advisory
- ExploitIssue TrackingPatchThird Party Advisory
- PatchThird Party Advisory
- Mailing ListThird Party Advisory
- Mailing ListThird Party Advisory
- Third Party Advisory
- Third Party Advisory
Уязвимые конфигурации
Одно из
EPSS
8.2 High
CVSS3
9.1 Critical
CVSS3
6.4 Medium
CVSS2
Дефекты
Связанные уязвимости
PJSIP is a free and open source multimedia communication library. In version 2.11.1 and prior, if incoming RTCP XR message contain block, the data field is not checked against the received packet size, potentially resulting in an out-of-bound read access. This affects all users that use PJMEDIA and RTCP XR. A malicious actor can send a RTCP XR message with an invalid packet size.
PJSIP is a free and open source multimedia communication library. In v ...
EPSS
8.2 High
CVSS3
9.1 Critical
CVSS3
6.4 Medium
CVSS2