CVE-2021-43804

Опубликовано: 22 дек. 2021

Источник: ubuntu

Приоритет: medium

CVSS2: 7.5

CVSS3: 7.3

Описание

PJSIP is a free and open source multimedia communication library written in C language implementing standard based protocols such as SIP, SDP, RTP, STUN, TURN, and ICE. In affected versions if the incoming RTCP BYE message contains a reason's length, this declared length is not checked against the actual received packet size, potentially resulting in an out-of-bound read access. This issue affects all users that use PJMEDIA and RTCP. A malicious actor can send a RTCP BYE message with an invalid reason length. Users are advised to upgrade as soon as possible. There are no known workarounds.

Релиз	Статус	Примечание
bionic	ignored	end of standard support, was needs-triage
esm-apps/bionic	needs-triage
esm-apps/xenial	needs-triage
trusty	ignored	end of standard support
upstream	needs-triage
xenial	ignored	end of standard support

Показывать по

Релиз	Статус	Примечание
bionic	ignored	end of standard support, was needs-triage
devel	DNE
esm-apps/bionic	released	20180228.1.503da2b~ds1-1ubuntu0.1~esm1
esm-apps/focal	released	20190215.1.f152c98~ds1-1+deb10u2build0.20.04.1
focal	released	20190215.1.f152c98~ds1-1+deb10u2build0.20.04.1
impish	ignored	end of life
lunar	not-affected	20230206.0~ds1-5
mantic	not-affected	20230206.0~ds2-1.3
noble	DNE
oracular	DNE

Показывать по

Ссылки на источники

7.5 High

CVSS2

7.3 High

CVSS3

Связанные уязвимости

CVE-2021-43804

CVSS3: 7.3

nvd

около 4 лет назад

CVE-2021-43804

CVSS3: 7.3

debian

около 4 лет назад

PJSIP is a free and open source multimedia communication library writt ...

BDU:2022-01087

CVSS3: 7.3

fstec

около 4 лет назад

Уязвимость мультимедийной коммуникационной библиотеки PJSIP, связанная с выходом операции за границы буфера в памяти, позволяющая нарушителю выполнить произвольный код

7.5 High

CVSS2

7.3 High

CVSS3

CVE-2021-43804

Описание

Пакет pjproject

Пакет ring

Ссылки на источники

Связанные уязвимости