CVE-2021-43302

EUVD-2021-30245
Read out-of-bounds in PJSUA API when calling pjsua_recorder_create. An attacker-controlled 'filename' argument may cause an out-of-bounds read when the filename is shorter than 4 characters.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
9.1 CRITICAL
NETWORK
LOW
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H
Base Score
CVSS 3.x
EPSS Score
Percentile: 59%
Affected Products (NVD)
VendorProductVersion
teluupjsip
𝑥
≤ 2.11.1
debiandebian_linux
9.0
debiandebian_linux
10.0
debiandebian_linux
11.0
𝑥
= Vulnerable software versions
Debian logo
Debian Releases
Debian Product
Codename
asterisk
bullseye
1:16.28.0~dfsg-0+deb11u4
fixed
bullseye (security)
1:16.28.0~dfsg-0+deb11u5
fixed
sid
1:22.0.0~dfsg+~cs6.14.60671435-1
fixed
stretch
not-affected
ring
bookworm
20230206.0~ds2-1.1
fixed
bullseye
vulnerable
bullseye (security)
20210112.2.b757bac~ds1-1+deb11u1
fixed
sid
20231201.0~ds1-1
fixed
stretch
not-affected
Ubuntu logo
Ubuntu Releases
Ubuntu Product
Codename
asterisk
bionic
needs-triage
focal
needs-triage
impish
ignored
jammy
needs-triage
kinetic
ignored
lunar
ignored
mantic
ignored
noble
needs-triage
trusty
ignored
xenial
needs-triage
pjproject
bionic
needs-triage
trusty
ignored
xenial
needs-triage
ring
bionic
Fixed 20180228.1.503da2b~ds1-1ubuntu0.1~esm1
released
focal
Fixed 20190215.1.f152c98~ds1-1+deb10u2build0.20.04.1
released
impish
ignored
lunar
not-affected
mantic
not-affected
noble
dne
trusty
ignored
xenial
ignored
Common Weakness Enumeration
References
https://github.com/pjsip/pjproject/security/advisories/GHSA-qcvw-h34v-c7r9
https://lists.debian.org/debian-lts-announce/2022/03/msg00035.html
https://lists.debian.org/debian-lts-announce/2022/11/msg00021.html
https://lists.debian.org/debian-lts-announce/2023/08/msg00038.html
https://www.debian.org/security/2022/dsa-5285
https://github.com/pjsip/pjproject/security/advisories/GHSA-qcvw-h34v-c7r9
https://lists.debian.org/debian-lts-announce/2022/03/msg00035.html
https://lists.debian.org/debian-lts-announce/2022/11/msg00021.html
https://lists.debian.org/debian-lts-announce/2023/08/msg00038.html
https://lists.debian.org/debian-lts-announce/2024/09/msg00030.html
https://www.debian.org/security/2022/dsa-5285