Lucene search

K
redosRedosROS-20221227-02
HistoryDec 27, 2022 - 12:00 a.m.

ROS-20221227-02

2022-12-2700:00:00
redos.red-soft.ru
16
vulnerability
pjsip
multimedia library
remote attackers
arbitrary code
heap buffer overflow
stun messages
unix

CVSS3

9.8

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

EPSS

0.002

Percentile

53.2%

A vulnerability in the PJSIP multimedia library is related to a boundary error in the decoding of STUN messages.
Exploitation of the vulnerability could allow an attacker acting remotely to transmit a specially crafted STUN message to an application, cause a heap buffer overflow, and execute arbitrary code.
a specially crafted STUN message to an application, cause a heap buffer overflow, and execute arbitrary code on the
target system

OSVersionArchitecturePackageVersionFilename
redos7.3x86_64pjproject< 2.7.2-10UNKNOWN

CVSS3

9.8

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

EPSS

0.002

Percentile

53.2%