CVE-2021-43300
Description
Stack overflow in PJSUA API when calling pjsua_recorder_create. An attacker-controlled filename argument may cause a buffer overflow since it is copied to a fixed-size stack buffer without any size validation.
Risk Information
Base Score
9.8
MODERATE
Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
EPSS Score
Exploitation Probability
0.514
Associated Vulnerability
| Vulnerability | OS Platform |
|---|---|
| asterisk security update(DSA-5285-1) asterisk_16.28.0~dfsg-0+deb11u1_amd64.deb | Linux |
| Secure and distributed voice, video, and chat platform (USN-6422-1) jami_20230206.0~ds1-5ubuntu0.1_amd64.deb | Linux |
| Secure and distributed voice, video, and chat platform (USN-6422-1) jami_20190215.1.f152c98~ds1-1+deb10u2build0.20.04.1_amd64.deb | Linux |
| Secure and distributed voice, video, and chat platform (USN-6422-1) ring_20180228.1.503da2b~ds1-1build1_i386.deb | Linux |
| Secure and distributed voice, video, and chat platform (USN-6422-1) ring_20180228.1.503da2b~ds1-1build1_amd64.deb | Linux |
| Secure and distributed voice, video, and chat platform (USN-6422-1) ring_20190215.1.f152c98~ds1-1+deb10u2build0.20.04.1_all.deb | Linux |
| Secure and distributed voice, video, and chat platform (USN-6422-1) jami-daemon_20230206.0~ds1-5ubuntu0.1_amd64.deb | Linux |
| Secure and distributed voice, video, and chat platform (USN-6422-1) jami-daemon_20190215.1.f152c98~ds1-1+deb10u2build0.20.04.1_amd64.deb | Linux |
| Secure and distributed voice, video, and chat platform (USN-6422-1) ring-daemon_20180228.1.503da2b~ds1-1build1_i386.deb | Linux |
| Secure and distributed voice, video, and chat platform (USN-6422-1) ring-daemon_20180228.1.503da2b~ds1-1build1_amd64.deb | Linux |
| Secure and distributed voice, video, and chat platform (USN-6422-1) ring-daemon_20190215.1.f152c98~ds1-1+deb10u2build0.20.04.1_all.deb | Linux |
Patch Details
No records foundReferences
https://nvd.nist.gov/vuln/detail/CVE-2023-1234
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-1234