CVE-2021-37706

Potential integer underflow upon receiving STUN message in PJSIP

Severity Score

9.8

*CVSS v3.1

Exploit Likelihood

*EPSS

Affected Versions

*CPE

Public Exploits

*Multiple Sources

Exploited in Wild

*KEV

Decision

*SSVC

Descriptions

PJSIP is a free and open source multimedia communication library written in C language implementing standard based protocols such as SIP, SDP, RTP, STUN, TURN, and ICE. In affected versions if the incoming STUN message contains an ERROR-CODE attribute, the header length is not checked before performing a subtraction operation, potentially resulting in an integer underflow scenario. This issue affects all users that use STUN. A malicious actor located within the victim’s network may forge and send a specially crafted UDP (STUN) message that could remotely execute arbitrary code on the victim’s machine. Users are advised to upgrade as soon as possible. There are no known workarounds.

PJSIP es una biblioteca de comunicación multimedia gratuita y de código abierto escrita en lenguaje C que implementa protocolos basados en estándares como SIP, SDP, RTP, STUN, TURN e ICE. En las versiones afectadas, si el mensaje STUN entrante contiene un atributo ERROR-CODE, no se comprueba la longitud del encabezado antes de llevar a cabo una operación de sustracción, resultando en un escenario de desbordamiento de enteros. Este problema afecta a todos los usuarios que usan STUN. Un actor malicioso situado en la red de la víctima puede falsificar y enviar un mensaje UDP (STUN) especialmente diseñado que podría ejecutar remotamente código arbitrario en la máquina de la víctima. Se aconseja a usuarios que actualicen lo antes posible. No se presentan soluciones conocidas

*Credits: N/A

CVSS Scores

Attack Vector

Network

Attack Complexity

Low

Privileges Required

None

User Interaction

None

Scope

Unchanged

Confidentiality

High

Integrity

High

Availability

High

Attack Vector

Network

Attack Complexity

Low

Privileges Required

None

User Interaction

None

Scope

Unchanged

Confidentiality

Low

Integrity

Low

Availability

Low

Attack Vector

Network

Attack Complexity

Medium

Authentication

None

Confidentiality

Complete

Integrity

Complete

Availability

Complete

* Common Vulnerability Scoring System

SSVC

Decision:-

Exploitation

Automatable

Tech. Impact

* Organization's Worst-case Scenario

Timeline

2021-07-29 CVE Reserved
2021-12-22 CVE Published
2024-08-04 CVE Updated
2024-09-06 EPSS Updated
---------- Exploited in Wild
---------- KEV Due Date
---------- First Exploit

CWE

CWE-191: Integer Underflow (Wrap or Wraparound)

CAPEC

References (9)

URL	Tag	Source
http://packetstormsecurity.com/files/166225/Asterisk-Project-Security-Advisory-AST-2022-004.html	Third Party Advisory
https://lists.debian.org/debian-lts-announce/2022/03/msg00035.html	Mailing List
https://lists.debian.org/debian-lts-announce/2022/11/msg00021.html	Mailing List
https://lists.debian.org/debian-lts-announce/2023/08/msg00038.html	Mailing List

URL	Date	SRC

URL	Date	SRC
http://seclists.org/fulldisclosure/2022/Mar/0	2023-08-30
https://github.com/pjsip/pjproject/commit/15663e3f37091069b8c98a7fce680dc04bc8e865	2023-08-30
https://github.com/pjsip/pjproject/security/advisories/GHSA-2qpg-f6wf-w984	2023-08-30

URL	Date	SRC
https://security.gentoo.org/glsa/202210-37	2023-08-30
https://www.debian.org/security/2022/dsa-5285	2023-08-30

Affected Vendors, Products, and Versions

Vendor		Product				Version		Other		Status
Vendor	Product	Version	Other	Status	<-- -->	Vendor	Product	Version	Other	Status
Teluu Search vendor "Teluu"		Pjsip Search vendor "Teluu" for product "Pjsip"				<= 2.11.1 Search vendor "Teluu" for product "Pjsip" and version " <= 2.11.1"		-		Affected
Asterisk Search vendor "Asterisk"		Certified Asterisk Search vendor "Asterisk" for product "Certified Asterisk"				< 16.8.0 Search vendor "Asterisk" for product "Certified Asterisk" and version " < 16.8.0"		-		Affected
Asterisk Search vendor "Asterisk"		Certified Asterisk Search vendor "Asterisk" for product "Certified Asterisk"				16.8.0 Search vendor "Asterisk" for product "Certified Asterisk" and version "16.8.0"		-		Affected
Asterisk Search vendor "Asterisk"		Certified Asterisk Search vendor "Asterisk" for product "Certified Asterisk"				16.8.0 Search vendor "Asterisk" for product "Certified Asterisk" and version "16.8.0"		cert1		Affected
Asterisk Search vendor "Asterisk"		Certified Asterisk Search vendor "Asterisk" for product "Certified Asterisk"				16.8.0 Search vendor "Asterisk" for product "Certified Asterisk" and version "16.8.0"		cert10		Affected
Asterisk Search vendor "Asterisk"		Certified Asterisk Search vendor "Asterisk" for product "Certified Asterisk"				16.8.0 Search vendor "Asterisk" for product "Certified Asterisk" and version "16.8.0"		cert11		Affected
Asterisk Search vendor "Asterisk"		Certified Asterisk Search vendor "Asterisk" for product "Certified Asterisk"				16.8.0 Search vendor "Asterisk" for product "Certified Asterisk" and version "16.8.0"		cert12		Affected
Asterisk Search vendor "Asterisk"		Certified Asterisk Search vendor "Asterisk" for product "Certified Asterisk"				16.8.0 Search vendor "Asterisk" for product "Certified Asterisk" and version "16.8.0"		cert2		Affected
Asterisk Search vendor "Asterisk"		Certified Asterisk Search vendor "Asterisk" for product "Certified Asterisk"				16.8.0 Search vendor "Asterisk" for product "Certified Asterisk" and version "16.8.0"		cert3		Affected
Asterisk Search vendor "Asterisk"		Certified Asterisk Search vendor "Asterisk" for product "Certified Asterisk"				16.8.0 Search vendor "Asterisk" for product "Certified Asterisk" and version "16.8.0"		cert4		Affected
Asterisk Search vendor "Asterisk"		Certified Asterisk Search vendor "Asterisk" for product "Certified Asterisk"				16.8.0 Search vendor "Asterisk" for product "Certified Asterisk" and version "16.8.0"		cert5		Affected
Asterisk Search vendor "Asterisk"		Certified Asterisk Search vendor "Asterisk" for product "Certified Asterisk"				16.8.0 Search vendor "Asterisk" for product "Certified Asterisk" and version "16.8.0"		cert6		Affected
Asterisk Search vendor "Asterisk"		Certified Asterisk Search vendor "Asterisk" for product "Certified Asterisk"				16.8.0 Search vendor "Asterisk" for product "Certified Asterisk" and version "16.8.0"		cert7		Affected
Asterisk Search vendor "Asterisk"		Certified Asterisk Search vendor "Asterisk" for product "Certified Asterisk"				16.8.0 Search vendor "Asterisk" for product "Certified Asterisk" and version "16.8.0"		cert8		Affected
Asterisk Search vendor "Asterisk"		Certified Asterisk Search vendor "Asterisk" for product "Certified Asterisk"				16.8.0 Search vendor "Asterisk" for product "Certified Asterisk" and version "16.8.0"		cert9		Affected
Sangoma Search vendor "Sangoma"		Asterisk Search vendor "Sangoma" for product "Asterisk"				>= 16.0.0 < 16.24.1 Search vendor "Sangoma" for product "Asterisk" and version " >= 16.0.0 < 16.24.1"		-		Affected
Sangoma Search vendor "Sangoma"		Asterisk Search vendor "Sangoma" for product "Asterisk"				>= 18.0.0 < 18.10.1 Search vendor "Sangoma" for product "Asterisk" and version " >= 18.0.0 < 18.10.1"		-		Affected
Sangoma Search vendor "Sangoma"		Asterisk Search vendor "Sangoma" for product "Asterisk"				>= 19.0.0 < 19.2.1 Search vendor "Sangoma" for product "Asterisk" and version " >= 19.0.0 < 19.2.1"		-		Affected
Debian Search vendor "Debian"		Debian Linux Search vendor "Debian" for product "Debian Linux"				9.0 Search vendor "Debian" for product "Debian Linux" and version "9.0"		-		Affected
Debian Search vendor "Debian"		Debian Linux Search vendor "Debian" for product "Debian Linux"				10.0 Search vendor "Debian" for product "Debian Linux" and version "10.0"		-		Affected