Home

CVE-2021-43804

Description

PJSIP is a free and open source multimedia communication library written in C language implementing standard based protocols such as SIP, SDP, RTP, STUN, TURN, and ICE. In affected versions if the incoming RTCP BYE message contains a reasons length, this declared length is not checked against the actual received packet size, potentially resulting in an out-of-bound read access. This issue affects all users that use PJMEDIA and RTCP. A malicious actor can send a RTCP BYE message with an invalid reason length. Users are advised to upgrade as soon as possible. There are no known workarounds.

Risk Information

Base Score
7.3
MODERATE
Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L
EPSS Score
Exploitation Probability
0.3

Associated Vulnerability

VulnerabilityOS Platform
asterisk security update(DSA-5285-1) asterisk_16.28.0~dfsg-0+deb11u1_amd64.debLinux
Secure and distributed voice, video, and chat platform (USN-6422-1) jami_20230206.0~ds1-5ubuntu0.1_amd64.debLinux
Secure and distributed voice, video, and chat platform (USN-6422-1) jami_20190215.1.f152c98~ds1-1+deb10u2build0.20.04.1_amd64.debLinux
Secure and distributed voice, video, and chat platform (USN-6422-1) ring_20180228.1.503da2b~ds1-1build1_i386.debLinux
Secure and distributed voice, video, and chat platform (USN-6422-1) ring_20180228.1.503da2b~ds1-1build1_amd64.debLinux
Secure and distributed voice, video, and chat platform (USN-6422-1) ring_20190215.1.f152c98~ds1-1+deb10u2build0.20.04.1_all.debLinux
Secure and distributed voice, video, and chat platform (USN-6422-1) jami-daemon_20230206.0~ds1-5ubuntu0.1_amd64.debLinux
Secure and distributed voice, video, and chat platform (USN-6422-1) jami-daemon_20190215.1.f152c98~ds1-1+deb10u2build0.20.04.1_amd64.debLinux
Secure and distributed voice, video, and chat platform (USN-6422-1) ring-daemon_20180228.1.503da2b~ds1-1build1_i386.debLinux
Secure and distributed voice, video, and chat platform (USN-6422-1) ring-daemon_20180228.1.503da2b~ds1-1build1_amd64.debLinux
Secure and distributed voice, video, and chat platform (USN-6422-1) ring-daemon_20190215.1.f152c98~ds1-1+deb10u2build0.20.04.1_all.debLinux

Patch Details

No records found

References

https://nvd.nist.gov/vuln/detail/CVE-2023-1234
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-1234