Stack overflow in PJSUA API when calling pjsua_recorder_create. An attacker-controlled 'filename' argument may cause a buffer overflow since it is copied to a fixed-size stack buffer without any size validation.
References
Link | Resource |
---|---|
https://github.com/pjsip/pjproject/security/advisories/GHSA-qcvw-h34v-c7r9 | Patch Third Party Advisory |
https://lists.debian.org/debian-lts-announce/2022/03/msg00035.html | Mailing List Third Party Advisory |
https://lists.debian.org/debian-lts-announce/2022/11/msg00021.html | Mailing List Third Party Advisory |
https://lists.debian.org/debian-lts-announce/2023/08/msg00038.html | |
https://www.debian.org/security/2022/dsa-5285 | Third Party Advisory |
https://github.com/pjsip/pjproject/security/advisories/GHSA-qcvw-h34v-c7r9 | Patch Third Party Advisory |
https://lists.debian.org/debian-lts-announce/2022/03/msg00035.html | Mailing List Third Party Advisory |
https://lists.debian.org/debian-lts-announce/2022/11/msg00021.html | Mailing List Third Party Advisory |
https://lists.debian.org/debian-lts-announce/2023/08/msg00038.html | |
https://www.debian.org/security/2022/dsa-5285 | Third Party Advisory |
Configurations
History
21 Nov 2024, 06:29
Type | Values Removed | Values Added |
---|---|---|
References | () https://github.com/pjsip/pjproject/security/advisories/GHSA-qcvw-h34v-c7r9 - Patch, Third Party Advisory | |
References | () https://lists.debian.org/debian-lts-announce/2022/03/msg00035.html - Mailing List, Third Party Advisory | |
References | () https://lists.debian.org/debian-lts-announce/2022/11/msg00021.html - Mailing List, Third Party Advisory | |
References | () https://lists.debian.org/debian-lts-announce/2023/08/msg00038.html - | |
References | () https://www.debian.org/security/2022/dsa-5285 - Third Party Advisory |
30 Aug 2023, 01:15
Type | Values Removed | Values Added |
---|---|---|
References |
|
|
CWE | CWE-121 |
Information
Published : 2022-02-16 21:15
Updated : 2024-11-21 06:29
NVD link : CVE-2021-43300
Mitre link : CVE-2021-43300
CVE.ORG link : CVE-2021-43300
JSON object : View
Products Affected
teluu
- pjsip
debian
- debian_linux