VDB
CVE-2021-43303
CVE-2021-43303
PUBLISHED
CVSS 9.800000190734863 CRITICAL
Buffer overflow in PJSUA API when calling pjsua_call_dump. An attacker-controlled 'buffer' argument may cause a buffer overflow, since supplying an output buffer smaller than 128 characters may overflow the output buffer, regardless of the 'maxlen' argument supplied
EPSS 0.43% · 62.7th percentile
Risk Scores
CVSS v3.1
9.800000190734863
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
EPSS Score
0.43%
62.7th percentile
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| teluu | pjsip | unspecified, 0 |
| debian | debian_linux | 10.0, 11.0, 9.0 |
Timeline
- Feb 16, 2022 CVE Published
- Feb 17, 2022 EPSS Score
- Apr 10, 2022 EPSS Score
- Jun 1, 2022 EPSS Score
- Sep 14, 2022 EPSS Score
- Nov 5, 2022 EPSS Score
- Dec 27, 2022 EPSS Score
- Feb 17, 2023 EPSS Score
- Mar 7, 2023 EPSS Score
- Apr 11, 2023 EPSS Score
- Jul 24, 2023 EPSS Score
- Sep 14, 2023 EPSS Score
References
- https://github.com/pjsip/pjproject/security/advisories/GHSA-qcvw-h34v-c7r9 url
- [debian-lts-announce] 20220328 [SECURITY] [DLA 2962-1] pjproject security update mailing-list
- [debian-lts-announce] 20221117 [SECURITY] [DLA 3194-1] asterisk security update mailing-list
- DSA-5285 vendor-advisory
- [debian-lts-announce] 20230829 [SECURITY] [DLA 3549-1] ring security update mailing-list
- https://lists.debian.org/debian-lts-announce/2024/09/msg00030.html url
- https://nvd.nist.gov/vuln/detail/CVE-2021-43303 advisory