CVE-2021-43845 Information

Description

PJSIP is a free and open source multimedia communication library. In version 2.11.1 and prior if incoming RTCP XR message contain block the data field is not checked against the received packet size potentially resulting in an out-of-bound read access. This affects all users that use PJMEDIA and RTCP XR. A malicious actor can send a RTCP XR message with an invalid packet size.

CVSS Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H

Reference

https://github.com/pjsip/pjproject/commit/f74c1fc22b760d2a24369aa72c74c4a9ab985859 https://github.com/pjsip/pjproject/security/advisories/GHSA-r374-qrwv-86hh https://github.com/pjsip/pjproject/pull/2924 https://lists.debian.org/debian-lts-announce/2022/03/msg00035.html

Attack Complexity

LOW

Privileges Required

NONE

User Interaction Required

NONE

Scope

NONE

Confidentiality Impact

UNCHANGED

Integrity Impact

HIGH

Availability Impact

NONE

Base Score

HIGH

Base Severity

9.1