Headline
CVE-2021-43845: Merge pull request from GHSA-r374-qrwv-86hh · pjsip/pjproject@f74c1fc
PJSIP is a free and open source multimedia communication library. In version 2.11.1 and prior, if incoming RTCP XR message contain block, the data field is not checked against the received packet size, potentially resulting in an out-of-bound read access. This affects all users that use PJMEDIA and RTCP XR. A malicious actor can send a RTCP XR message with an invalid packet size.
@@ -436,16 +436,32 @@ void pjmedia_rtcp_xr_rx_rtcp_xr( pjmedia_rtcp_xr_session *sess,
if (rb_len) {
switch (rb_hdr->bt) {
case BT_RR_TIME:
rb_rr_time = (pjmedia_rtcp_xr_rb_rr_time*) rb_hdr;
if ((char*)rb_hdr + sizeof(*rb_rr_time) <=
(char*)pkt + size)
{
rb_rr_time = (pjmedia_rtcp_xr_rb_rr_time*)rb_hdr;
}
break;
case BT_DLRR:
rb_dlrr = (pjmedia_rtcp_xr_rb_dlrr*) rb_hdr;
if ((char*)rb_hdr + sizeof(*rb_dlrr) <=
(char*)pkt + size)
{
rb_dlrr = (pjmedia_rtcp_xr_rb_dlrr*)rb_hdr;
}
break;
case BT_STATS:
rb_stats = (pjmedia_rtcp_xr_rb_stats*) rb_hdr;
if ((char*)rb_hdr + sizeof(*rb_stats) <=
(char*)pkt + size)
{
rb_stats = (pjmedia_rtcp_xr_rb_stats*)rb_hdr;
}
break;
case BT_VOIP_METRICS:
rb_voip_mtc = (pjmedia_rtcp_xr_rb_voip_mtc*) rb_hdr;
if ((char*)rb_hdr + sizeof(*rb_voip_mtc) <=
(char*)pkt + size)
{
rb_voip_mtc = (pjmedia_rtcp_xr_rb_voip_mtc*)rb_hdr;
}
break;
default:
break;
Related news
Ubuntu Security Notice 6422-2 - It was discovered that Ring incorrectly handled certain inputs. If a user or an automated system were tricked into opening a specially crafted input file, a remote attacker could possibly use this issue to execute arbitrary code. It was discovered that Ring incorrectly handled certain inputs. If a user or an automated system were tricked into opening a specially crafted input file, a remote attacker could possibly use this issue to cause a denial of service.
Ubuntu Security Notice 6422-1 - It was discovered that Ring incorrectly handled certain inputs. If a user or an automated system were tricked into opening a specially crafted input file, a remote attacker could possibly use this issue to execute arbitrary code. It was discovered that Ring incorrectly handled certain inputs. If a user or an automated system were tricked into opening a specially crafted input file, a remote attacker could possibly use this issue to cause a denial of service. This issue only affected Ubuntu 18.04 LTS and Ubuntu 20.04 LTS.
Debian Linux Security Advisory 5285-1 - Multiple security vulnerabilities have been found in Asterisk, an Open Source Private Branch Exchange. Buffer overflows and other programming errors could be exploited for information disclosure or the execution of arbitrary code.
Gentoo Linux Security Advisory 202210-37 - Multiple vulnerabilities have been found in PJSIP, the worst of which could result in arbitrary code execution. Versions less than 2.12.1 are affected.