CVE-2021-43845

Опубликовано: 27 дек. 2021

Источник: ubuntu

Приоритет: medium

EPSS Низкий

CVSS2: 6.4

CVSS3: 8.2

Описание

PJSIP is a free and open source multimedia communication library. In version 2.11.1 and prior, if incoming RTCP XR message contain block, the data field is not checked against the received packet size, potentially resulting in an out-of-bound read access. This affects all users that use PJMEDIA and RTCP XR. A malicious actor can send a RTCP XR message with an invalid packet size.

Релиз	Статус	Примечание
bionic	ignored	end of standard support, was needs-triage
devel	needs-triage
esm-apps/bionic	needs-triage
esm-apps/focal	needs-triage
esm-apps/jammy	needs-triage
esm-apps/noble	needs-triage
esm-apps/xenial	needs-triage
focal	ignored	end of standard support, was needs-triage
impish	ignored	end of life
jammy	needs-triage

Показывать по

Релиз	Статус	Примечание
bionic	ignored	end of standard support, was needs-triage
esm-apps/bionic	needs-triage
esm-apps/xenial	needs-triage
trusty	ignored	end of standard support
upstream	needs-triage
xenial	ignored	end of standard support

Показывать по

Релиз	Статус	Примечание
bionic	ignored	end of standard support, was needs-triage
devel	DNE
esm-apps/bionic	released	20180228.1.503da2b~ds1-1ubuntu0.1~esm1
esm-apps/focal	released	20190215.1.f152c98~ds1-1+deb10u2build0.20.04.1
focal	released	20190215.1.f152c98~ds1-1+deb10u2build0.20.04.1
impish	ignored	end of life
lunar	not-affected	20230206.0~ds1-5
mantic	not-affected	20230206.0~ds2-1.3
noble	DNE
oracular	DNE

Показывать по

Ссылки на источники

EPSS

Процентиль: 52%

0.00286

Низкий

6.4 Medium

CVSS2

8.2 High

CVSS3

Связанные уязвимости

CVE-2021-43845

CVSS3: 8.2

nvd

около 4 лет назад

CVE-2021-43845

CVSS3: 8.2

debian

около 4 лет назад

PJSIP is a free and open source multimedia communication library. In v ...

EPSS

Процентиль: 52%

0.00286

Низкий

6.4 Medium

CVSS2

8.2 High

CVSS3

CVE-2021-43845

Описание

Пакет asterisk

Пакет pjproject

Пакет ring

Ссылки на источники

Связанные уязвимости