CVE-2021-43845
HIGH 8.2
Description
PJSIP is a free and open source multimedia communication library. In version 2.11.1 and prior, if an incoming RTCP XR message contains a block, the data field is not checked against the received packet size, potentially resulting in an out-of-bounds read access. This affects all users that use PJMEDIA and RTCP XR. A malicious actor can send an RTCP XR message with an invalid packet size.
CVE details
CVSS v3.1 score: 8.2
Severity: HIGH
CVSS vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:L
Attack vector: NETWORK
Complexity: LOW
Privileges required: NONE
User interaction: NONE
Published: 12/27/2021
Last modified: 11/4/2025
Source: nvd
Honeypot sightings: 0
Affected products
debian:debian_linux
teluu:pjsip
Weaknesses (CWE)
CWE-125
References
https://github.com/pjsip/pjproject/commit/f74c1fc22b760d2a24369aa72c74c4a9ab985859 (security-advisories@github.com)
https://github.com/pjsip/pjproject/pull/2924 (security-advisories@github.com)
https://github.com/pjsip/pjproject/security/advisories/GHSA-r374-qrwv-86hh (security-advisories@github.com)
https://lists.debian.org/debian-lts-announce/2022/03/msg00035.html (security-advisories@github.com)
https://lists.debian.org/debian-lts-announce/2022/11/msg00021.html (security-advisories@github.com)
https://lists.debian.org/debian-lts-announce/2023/08/msg00038.html (security-advisories@github.com)
https://security.gentoo.org/glsa/202210-37 (security-advisories@github.com)
https://www.debian.org/security/2022/dsa-5285 (security-advisories@github.com)
https://github.com/pjsip/pjproject/commit/f74c1fc22b760d2a24369aa72c74c4a9ab985859 (af854a3a-2127-422b-91ae-364da2661108)
https://github.com/pjsip/pjproject/pull/2924 (af854a3a-2127-422b-91ae-364da2661108)
https://github.com/pjsip/pjproject/security/advisories/GHSA-r374-qrwv-86hh (af854a3a-2127-422b-91ae-364da2661108)
https://lists.debian.org/debian-lts-announce/2022/03/msg00035.html (af854a3a-2127-422b-91ae-364da2661108)
https://lists.debian.org/debian-lts-announce/2022/11/msg00021.html (af854a3a-2127-422b-91ae-364da2661108)
https://lists.debian.org/debian-lts-announce/2023/08/msg00038.html (af854a3a-2127-422b-91ae-364da2661108)
https://lists.debian.org/debian-lts-announce/2024/09/msg00030.html (af854a3a-2127-422b-91ae-364da2661108)
https://security.gentoo.org/glsa/202210-37 (af854a3a-2127-422b-91ae-364da2661108)
https://www.debian.org/security/2022/dsa-5285 (af854a3a-2127-422b-91ae-364da2661108)
IOC correlations
No correlations recorded
This product uses data from the NVD API but is not endorsed or certified by the NVD.