Headline
CVE-2022-21723: Prevent OOB read in multipart parsing
PJSIP is a free and open source multimedia communication library written in C language implementing standard based protocols such as SIP, SDP, RTP, STUN, TURN, and ICE. In versions 2.11.1 and prior, parsing an incoming SIP message that contains a malformed multipart can potentially cause out-of-bound read access. This issue affects all PJSIP users that accept SIP multipart. The patch is available as commit in the master branch. There are no known workarounds.
If incoming SIP message contains a malformed multipart, the process of parsing it in pjsip_multipart_parse() can potentially cause out-of-bound read access.
Impact
It affects all PJSIP users that accepts SIP multipart.
Patches
The patch is available as commit 077b465 in the master branch.
Other considerations
We were also considering of modifying the SIP multipart input buffer to create a temporary NULL sentinel within the buffer but decided not to. The downside of the approach is that we need exclusive access to the input buffer (which is currently not mentioned in the doc), so any app currently reading/processing the message at the same time will be affected.
For more information
If you have any questions or comments about this advisory:
Email us at [email protected]
Related news
Ubuntu Security Notice 6422-2 - It was discovered that Ring incorrectly handled certain inputs. If a user or an automated system were tricked into opening a specially crafted input file, a remote attacker could possibly use this issue to execute arbitrary code. It was discovered that Ring incorrectly handled certain inputs. If a user or an automated system were tricked into opening a specially crafted input file, a remote attacker could possibly use this issue to cause a denial of service.
Ubuntu Security Notice 6422-1 - It was discovered that Ring incorrectly handled certain inputs. If a user or an automated system were tricked into opening a specially crafted input file, a remote attacker could possibly use this issue to execute arbitrary code. It was discovered that Ring incorrectly handled certain inputs. If a user or an automated system were tricked into opening a specially crafted input file, a remote attacker could possibly use this issue to cause a denial of service. This issue only affected Ubuntu 18.04 LTS and Ubuntu 20.04 LTS.
Debian Linux Security Advisory 5285-1 - Multiple security vulnerabilities have been found in Asterisk, an Open Source Private Branch Exchange. Buffer overflows and other programming errors could be exploited for information disclosure or the execution of arbitrary code.
Gentoo Linux Security Advisory 202210-37 - Multiple vulnerabilities have been found in PJSIP, the worst of which could result in arbitrary code execution. Versions less than 2.12.1 are affected.