Lucene search
Debian Security Bug TrackerDEBIANCVE:CVE-2021-37706HistoryDec 22, 2021 - 6:15 p.m.
CVE-2021-37706
2021-12-2218:15:00
Debian Security Bug Tracker
security-tracker.debian.org
19
0.018 Low
EPSS
Percentile
88.0%
PJSIP is a free and open source multimedia communication library written in C language implementing standard based protocols such as SIP, SDP, RTP, STUN, TURN, and ICE. In affected versions if the incoming STUN message contains an ERROR-CODE attribute, the header length is not checked before performing a subtraction operation, potentially resulting in an integer underflow scenario. This issue affects all users that use STUN. A malicious actor located within the victim’s network may forge and send a specially crafted UDP (STUN) message that could remotely execute arbitrary code on the victim’s machine. Users are advised to upgrade as soon as possible. There are no known workarounds.
| OS | Version | Architecture | Package | Version | Filename |
|---|---|---|---|---|---|
| Debian | 11 | all | asterisk | <Â 1:16.28.0~dfsg-0+deb11u1 | asterisk_1:16.28.0~dfsg-0+deb11u1_all.deb |
| Debian | 10 | all | asterisk | <Â 1:16.28.0~dfsg-0+deb10u1 | asterisk_1:16.28.0~dfsg-0+deb10u1_all.deb |
| Debian | 999 | all | asterisk | <Â 1:18.10.1~dfsg+~cs6.10.40431411-1 | asterisk_1:18.10.1~dfsg+~cs6.10.40431411-1_all.deb |
| Debian | 12 | all | ring | <=Â 20230206.0~ds2-1.1 | ring_20230206.0~ds2-1.1_all.deb |
| Debian | 11 | all | ring | <=Â 20210112.2.b757bac~ds1-1 | ring_20210112.2.b757bac~ds1-1_all.deb |
| Debian | 10 | all | ring | <Â 20190215.1.f152c98~ds1-1+deb10u2 | ring_20190215.1.f152c98~ds1-1+deb10u2_all.deb |
| Debian | 999 | all | ring | <Â 20230922.0~ds1-1 | ring_20230922.0~ds1-1_all.deb |
| Debian | 13 | all | ring | <Â 20230922.0~ds1-1 | ring_20230922.0~ds1-1_all.deb |
Related
cve
cve
CVE-2021-37706
2021-12-22 18:15:00
veracode
veracode
Remote Code Execution (RCE)
2022-03-12 12:52:40
alpinelinux
alpinelinux
CVE-2021-37706
2021-12-22 18:15:00
ubuntucve
ubuntucve
CVE-2021-37706
2021-12-22 00:00:00
osv
osv
CVE-2021-37706
2021-12-22 18:15:07
pjproject - security update
2022-03-28 00:00:00
ring vulnerabilities
2023-10-09 15:09:52
prion
prion
Integer overflow
2021-12-22 18:15:00
cvelist
cvelist
nessus
nessus
Ubuntu 23.10 : Ring vulnerabilities (USN-6422-2)
2023-10-24 00:00:00
FreeBSD : asterisk -- multiple vulnerabilities (964c5460-9c66-11ec-ad3a-001999f8d30b)
2022-03-05 00:00:00
Debian DLA-2962-1 : pjproject - LTS security update
2022-03-30 00:00:00
freebsd
freebsd
asterisk -- multiple vulnerabilities
2022-03-03 00:00:00
openvas
openvas
Asterisk Multiple Vulnerabilities (AST-2022-004, AST-2022-005, AST-2022-006)
2022-03-08 00:00:00
Debian: Security Advisory (DLA-2962-1)
2022-03-29 00:00:00
Ubuntu: Security Advisory (USN-6422-1)
2023-10-10 00:00:00
fortinet
fortinet
Multiple vulnerabilities in PJSIP library
2022-05-03 00:00:00
debian
debian
[SECURITY] [DLA 2962-1] pjproject security update
2022-03-28 14:59:03
[SECURITY] [DSA 5285-1] asterisk security update
2022-11-17 22:00:12
[SECURITY] [DLA 3194-1] asterisk security update
2022-11-17 11:35:54
gentoo
gentoo
PJSIP: Multiple Vulnerabilities
2022-10-31 00:00:00
ubuntu
ubuntu
Ring vulnerabilities
2023-10-09 00:00:00
Ring vulnerabilities
2023-10-24 00:00:00