CVE-2021-37706
Potential integer underflow upon receiving STUN message in PJSIP
Severity Score
Exploit Likelihood
Affected Versions
Public Exploits
0Exploited in Wild
-Decision
Descriptions
PJSIP is a free and open source multimedia communication library written in C language implementing standard based protocols such as SIP, SDP, RTP, STUN, TURN, and ICE. In affected versions if the incoming STUN message contains an ERROR-CODE attribute, the header length is not checked before performing a subtraction operation, potentially resulting in an integer underflow scenario. This issue affects all users that use STUN. A malicious actor located within the victim’s network may forge and send a specially crafted UDP (STUN) message that could remotely execute arbitrary code on the victim’s machine. Users are advised to upgrade as soon as possible. There are no known workarounds.
PJSIP es una biblioteca de comunicación multimedia gratuita y de código abierto escrita en lenguaje C que implementa protocolos basados en estándares como SIP, SDP, RTP, STUN, TURN e ICE. En las versiones afectadas, si el mensaje STUN entrante contiene un atributo ERROR-CODE, no se comprueba la longitud del encabezado antes de llevar a cabo una operación de sustracción, resultando en un escenario de desbordamiento de enteros. Este problema afecta a todos los usuarios que usan STUN. Un actor malicioso situado en la red de la víctima puede falsificar y enviar un mensaje UDP (STUN) especialmente diseñado que podría ejecutar remotamente código arbitrario en la máquina de la víctima. Se aconseja a usuarios que actualicen lo antes posible. No se presentan soluciones conocidas
CVSS Scores
SSVC
- Decision:-
Timeline
- 2021-07-29 CVE Reserved
- 2021-12-22 CVE Published
- 2024-08-04 CVE Updated
- 2024-09-06 EPSS Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
- ---------- First Exploit
CWE
- CWE-191: Integer Underflow (Wrap or Wraparound)
CAPEC
References (9)
URL | Tag | Source |
---|---|---|
http://packetstormsecurity.com/files/166225/Asterisk-Project-Security-Advisory-AST-2022-004.html | Third Party Advisory | |
https://lists.debian.org/debian-lts-announce/2022/03/msg00035.html | Mailing List | |
https://lists.debian.org/debian-lts-announce/2022/11/msg00021.html | Mailing List | |
https://lists.debian.org/debian-lts-announce/2023/08/msg00038.html | Mailing List |
URL | Date | SRC |
---|
URL | Date | SRC |
---|---|---|
https://security.gentoo.org/glsa/202210-37 | 2023-08-30 | |
https://www.debian.org/security/2022/dsa-5285 | 2023-08-30 |
Affected Vendors, Products, and Versions
Vendor | Product | Version | Other | Status | ||||||
---|---|---|---|---|---|---|---|---|---|---|
Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
Teluu Search vendor "Teluu" | Pjsip Search vendor "Teluu" for product "Pjsip" | <= 2.11.1 Search vendor "Teluu" for product "Pjsip" and version " <= 2.11.1" | - |
Affected
| ||||||
Asterisk Search vendor "Asterisk" | Certified Asterisk Search vendor "Asterisk" for product "Certified Asterisk" | < 16.8.0 Search vendor "Asterisk" for product "Certified Asterisk" and version " < 16.8.0" | - |
Affected
| ||||||
Asterisk Search vendor "Asterisk" | Certified Asterisk Search vendor "Asterisk" for product "Certified Asterisk" | 16.8.0 Search vendor "Asterisk" for product "Certified Asterisk" and version "16.8.0" | - |
Affected
| ||||||
Asterisk Search vendor "Asterisk" | Certified Asterisk Search vendor "Asterisk" for product "Certified Asterisk" | 16.8.0 Search vendor "Asterisk" for product "Certified Asterisk" and version "16.8.0" | cert1 |
Affected
| ||||||
Asterisk Search vendor "Asterisk" | Certified Asterisk Search vendor "Asterisk" for product "Certified Asterisk" | 16.8.0 Search vendor "Asterisk" for product "Certified Asterisk" and version "16.8.0" | cert10 |
Affected
| ||||||
Asterisk Search vendor "Asterisk" | Certified Asterisk Search vendor "Asterisk" for product "Certified Asterisk" | 16.8.0 Search vendor "Asterisk" for product "Certified Asterisk" and version "16.8.0" | cert11 |
Affected
| ||||||
Asterisk Search vendor "Asterisk" | Certified Asterisk Search vendor "Asterisk" for product "Certified Asterisk" | 16.8.0 Search vendor "Asterisk" for product "Certified Asterisk" and version "16.8.0" | cert12 |
Affected
| ||||||
Asterisk Search vendor "Asterisk" | Certified Asterisk Search vendor "Asterisk" for product "Certified Asterisk" | 16.8.0 Search vendor "Asterisk" for product "Certified Asterisk" and version "16.8.0" | cert2 |
Affected
| ||||||
Asterisk Search vendor "Asterisk" | Certified Asterisk Search vendor "Asterisk" for product "Certified Asterisk" | 16.8.0 Search vendor "Asterisk" for product "Certified Asterisk" and version "16.8.0" | cert3 |
Affected
| ||||||
Asterisk Search vendor "Asterisk" | Certified Asterisk Search vendor "Asterisk" for product "Certified Asterisk" | 16.8.0 Search vendor "Asterisk" for product "Certified Asterisk" and version "16.8.0" | cert4 |
Affected
| ||||||
Asterisk Search vendor "Asterisk" | Certified Asterisk Search vendor "Asterisk" for product "Certified Asterisk" | 16.8.0 Search vendor "Asterisk" for product "Certified Asterisk" and version "16.8.0" | cert5 |
Affected
| ||||||
Asterisk Search vendor "Asterisk" | Certified Asterisk Search vendor "Asterisk" for product "Certified Asterisk" | 16.8.0 Search vendor "Asterisk" for product "Certified Asterisk" and version "16.8.0" | cert6 |
Affected
| ||||||
Asterisk Search vendor "Asterisk" | Certified Asterisk Search vendor "Asterisk" for product "Certified Asterisk" | 16.8.0 Search vendor "Asterisk" for product "Certified Asterisk" and version "16.8.0" | cert7 |
Affected
| ||||||
Asterisk Search vendor "Asterisk" | Certified Asterisk Search vendor "Asterisk" for product "Certified Asterisk" | 16.8.0 Search vendor "Asterisk" for product "Certified Asterisk" and version "16.8.0" | cert8 |
Affected
| ||||||
Asterisk Search vendor "Asterisk" | Certified Asterisk Search vendor "Asterisk" for product "Certified Asterisk" | 16.8.0 Search vendor "Asterisk" for product "Certified Asterisk" and version "16.8.0" | cert9 |
Affected
| ||||||
Sangoma Search vendor "Sangoma" | Asterisk Search vendor "Sangoma" for product "Asterisk" | >= 16.0.0 < 16.24.1 Search vendor "Sangoma" for product "Asterisk" and version " >= 16.0.0 < 16.24.1" | - |
Affected
| ||||||
Sangoma Search vendor "Sangoma" | Asterisk Search vendor "Sangoma" for product "Asterisk" | >= 18.0.0 < 18.10.1 Search vendor "Sangoma" for product "Asterisk" and version " >= 18.0.0 < 18.10.1" | - |
Affected
| ||||||
Sangoma Search vendor "Sangoma" | Asterisk Search vendor "Sangoma" for product "Asterisk" | >= 19.0.0 < 19.2.1 Search vendor "Sangoma" for product "Asterisk" and version " >= 19.0.0 < 19.2.1" | - |
Affected
| ||||||
Debian Search vendor "Debian" | Debian Linux Search vendor "Debian" for product "Debian Linux" | 9.0 Search vendor "Debian" for product "Debian Linux" and version "9.0" | - |
Affected
| ||||||
Debian Search vendor "Debian" | Debian Linux Search vendor "Debian" for product "Debian Linux" | 10.0 Search vendor "Debian" for product "Debian Linux" and version "10.0" | - |
Affected
|