cvelist | GitHub_M | CVELIST:CVE-2021-43845
History: Dec 27, 2021 - 12:00 a.m.

CVE-2021-43845 Prevent out-of-bounds read in PJSIP

2021-12-27 00:00:00
CWE-125
GitHub_M
www.cve.org

CVSS3: 8.2 High

Attack Vector: NETWORK
Attack Complexity: LOW
Privileges Required: NONE
User Interaction: NONE
Scope: UNCHANGED
Confidentiality Impact: HIGH
Integrity Impact: NONE
Availability Impact: LOW

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:L

AI Score: 9.5 High (Confidence: High)

EPSS: 0.002 Low (Percentile: 59.7%)

PJSIP is a free and open source multimedia communication library. In version 2.11.1 and prior, if an incoming RTCP XR message contains a block, the data field is not checked against the received packet size, potentially resulting in an out-of-bounds read access. This affects all users that use PJMEDIA and RTCP XR. A malicious actor can send an RTCP XR message with an invalid packet size.
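The missing check described above, shown as an added example (this is not pjproject's code or its fix): a walker over the report blocks of a single RTCP XR packet that validates every length field against the bytes actually received. The field layout follows RFC 3611; the function name `xr_count_blocks` and the helper `rd16` are hypothetical, and the sketch assumes the buffer holds one XR packet rather than a compound RTCP datagram.

```c
#include <stddef.h>
#include <stdint.h>

#define RTCP_PT_XR 207u   /* RTCP payload type for XR (RFC 3611) */

/* Read a big-endian 16-bit field. */
static uint16_t rd16(const uint8_t *p) { return (uint16_t)((p[0] << 8) | p[1]); }

/*
 * Hypothetical helper (not a pjproject function): count the report blocks in
 * one received RTCP XR packet, returning -1 if any length field points past
 * the bytes actually received.
 */
int xr_count_blocks(const uint8_t *pkt, size_t received)
{
    size_t end, off = 8;              /* 4-byte RTCP header + 4-byte SSRC */
    int blocks = 0;

    if (pkt == NULL || received < 8)
        return -1;
    if ((pkt[0] >> 6) != 2 || pkt[1] != RTCP_PT_XR)
        return -1;

    /* Header length is in 32-bit words minus one; the sender controls it. */
    end = ((size_t)rd16(pkt + 2) + 1) * 4;
    if (end < 8 || end > received)
        return -1;

    while (off < end) {
        size_t blen;
        if (end - off < 4)            /* no room for a block header */
            return -1;
        /* Block length counts the 32-bit words after the block header. */
        blen = 4 + (size_t)rd16(pkt + off + 2) * 4;
        if (blen > end - off)         /* block data exceeds the packet */
            return -1;
        /* Only here is it safe to read pkt[off + 4 .. off + blen - 1]. */
        off += blen;
        blocks++;
    }
    return blocks;
}
```

A return of -1 means the packet should be dropped before any block data is read.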

CNA Affected

[
  {
    "vendor": "pjsip",
    "product": "pjproject",
    "versions": [
      {
        "version": "<= 2.11.1",
        "status": "affected"
      }
    ]
  }
]
