ring:sid is vulnerable to Heap-Based Buffer Overflow. An attacker is able to cause buffer over read by parsing a specially crafted STUN message with unknown attribute via multiple functions. This only affects applications using STUN
including PJNATH
and PJSUA-LIB
.
github.com/pjsip/pjproject/commit/bc4812d31a67d5e2f973fbfaf950d6118226cf36
github.com/pjsip/pjproject/security/advisories/GHSA-9pfh-r8x4-w26w
github.com/pjsip/pjproject/security/advisories/GHSA-cxwq-5g9x-x7fr
lists.debian.org/debian-lts-announce/2023/08/msg00038.html
security-tracker.debian.org/tracker/CVE-2022-23547