CVE-2021-43300 — Vulnetix

CVE-2021-43300 PUBLISHED CVSS 9.800000190734863 CRITICAL

Stack overflow in PJSUA API when calling pjsua_recorder_create. An attacker-controlled 'filename' argument may cause a buffer overflow since it is copied to a fixed-size stack buffer without any size validation.

EPSS 0.43% · 62.7th percentile

Risk Scores

CVSS v3.1

9.800000190734863

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

EPSS Score

0.43%

62.7th percentile

Affected Products

Vendor	Product	Versions
teluu	pjsip	unspecified, 0
debian	debian_linux	9.0, 10.0, 11.0

Timeline

Feb 16, 2022 CVE Published
Feb 17, 2022 EPSS Score
Apr 10, 2022 EPSS Score
Jun 1, 2022 EPSS Score
Sep 14, 2022 EPSS Score
Nov 5, 2022 EPSS Score
Dec 27, 2022 EPSS Score
Feb 17, 2023 EPSS Score
Mar 7, 2023 EPSS Score
Apr 11, 2023 EPSS Score
Jul 24, 2023 EPSS Score
Sep 14, 2023 EPSS Score

References

https://github.com/pjsip/pjproject/security/advisories/GHSA-qcvw-h34v-c7r9 url
[debian-lts-announce] 20220328 [SECURITY] [DLA 2962-1] pjproject security update mailing-list
[debian-lts-announce] 20221117 [SECURITY] [DLA 3194-1] asterisk security update mailing-list
DSA-5285 vendor-advisory
[debian-lts-announce] 20230829 [SECURITY] [DLA 3549-1] ring security update mailing-list
https://lists.debian.org/debian-lts-announce/2024/09/msg00030.html url
https://nvd.nist.gov/vuln/detail/CVE-2021-43300 advisory

Open in Interactive Console →