CVE-2021-43804

🗓️ 22 Dec 2021 00:00:00Reported by GitHub_MType

cve🔗 web.nvd.nist.gov📰️ 3 Media mentions👁 110 Views

PJSIP library in affected versions allows out-of-bound read access via RTCP BYE message. Upgrade recommended

Reporter	Title	Published	Views	Family All 70
AlpineLinux	CVE-2021-43804	22 Dec 202100:00	–	alpinelinux
CNNVD	PJSIP 缓冲区错误漏洞	22 Dec 202100:00	–	cnnvd
Cvelist	CVE-2021-43804 Out-of-bounds read when parsing RTCP BYE message in PJSIP	22 Dec 202100:00	–	cvelist
Debian	[SECURITY] [DLA 2962-1] pjproject security update	28 Mar 202214:23	–	debian
Debian	[SECURITY] [DLA 3194-1] asterisk security update	17 Nov 202211:35	–	debian
Debian	[SECURITY] [DLA 3549-1] ring security update	29 Aug 202321:15	–	debian
Debian	[SECURITY] [DLA 3887-1] ring security update	15 Sep 202401:13	–	debian
Debian	[SECURITY] [DSA 5285-1] asterisk security update	17 Nov 202221:42	–	debian
Debian CVE	CVE-2021-43804	22 Dec 202100:00	–	debiancve
Tenable Nessus	Debian DLA-2962-1 : pjproject - LTS security update	30 Mar 202200:00	–	nessus

NVD

Vulners

Node

teluu pjsipRange≤2.11.1

Node

debian debian_linuxMatch9.0

debian debian_linuxMatch10.0

[
  {
    "vendor": "pjsip",
    "product": "pjproject",
    "versions": [
      {
        "version": "<= 2.11.1",
        "status": "affected"
      }
    ]
  }
]

Source	Link
debian	www.debian.org/security/2022/dsa-5285
github	www.github.com/pjsip/pjproject/security/advisories/GHSA-3qx3-cg72-wrh9
lists	www.lists.debian.org/debian-lts-announce/2023/08/msg00038.html
lists	www.lists.debian.org/debian-lts-announce/2022/11/msg00021.html
security	www.security.gentoo.org/glsa/202210-37
lists	www.lists.debian.org/debian-lts-announce/2022/03/msg00035.html
github	www.github.com/pjsip/pjproject/commit/8b621f192cae14456ee0b0ade52ce6c6f258af1e
lists	www.lists.debian.org/debian-lts-announce/2024/09/msg00030.html

04 Nov 2025 16:15Current

8.1High risk

Vulners AI Score8.1

CVSS 3.17.3

CVSS 27.5

EPSS0.003

CWE-125