CVSS3: 9.1 High

Metric | Value |
---|---|
Attack Vector | NETWORK |
Attack Complexity | LOW |
Privileges Required | NONE |
User Interaction | NONE |
Scope | UNCHANGED |
Confidentiality Impact | HIGH |
Integrity Impact | NONE |
Availability Impact | HIGH |

Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H

CVSS2: 6.4 Medium

Metric | Value |
---|---|
Access Vector | NETWORK |
Access Complexity | LOW |
Authentication | NONE |
Confidentiality Impact | PARTIAL |
Integrity Impact | NONE |
Availability Impact | PARTIAL |

Vector: AV:N/AC:L/Au:N/C:P/I:N/A:P

EPSS: 0.002 Low (Percentile: 59.1%)

PJSIP is a free and open source multimedia communication library. In
version 2.11.1 and prior, if an incoming RTCP XR message contains a block,
the data field is not checked against the received packet size, potentially
resulting in an out-of-bounds read. This affects all users that use
PJMEDIA and RTCP XR. A malicious actor can send an RTCP XR message with an
invalid packet size.
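
The missing check, shown as an added example that is not PJSIP's code and not the fix commit: a walker that validates every length field of an RTCP XR packet against the number of bytes actually received before any block data is read. The function name and sample packets are hypothetical; the field layout assumed is the RFC 3611 one (packet type 207, lengths in 32-bit words minus one).

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

#define RTCP_PT_XR 207u

/* Big-endian 16-bit read; caller guarantees p[0..1] are in bounds. */
static unsigned rd16(const uint8_t *p) { return ((unsigned)p[0] << 8) | p[1]; }

/* Walk the report blocks of one RTCP XR packet (RFC 3611 layout).
 * Returns the number of blocks that fit entirely inside the received
 * bytes, or -1 as soon as a length field points past the buffer. */
int xr_count_blocks(const uint8_t *pkt, size_t received)
{
    if (received < 8) return -1;              /* header (4) + SSRC (4) */
    if ((pkt[0] >> 6) != 2 || pkt[1] != RTCP_PT_XR) return -1;

    /* RTCP length field: packet size in 32-bit words minus one. */
    size_t declared = ((size_t)rd16(pkt + 2) + 1) * 4;
    if (declared < 8 || declared > received) return -1;

    size_t off = 8;                           /* off, declared: multiples of 4 */
    int blocks = 0;
    while (off < declared) {
        /* Block length: whole block, header included, in words minus one. */
        size_t blk = ((size_t)rd16(pkt + off + 2) + 1) * 4;
        if (blk > declared - off) return -1;  /* data field overruns packet */
        /* Block type pkt[off] and its data are now safe to read. */
        off += blk;
        blocks++;
    }
    return blocks;
}

/* Constructed samples: one 12-byte block, then the same bytes with the
 * block length field inflated to 0x0100 words. */
static const uint8_t xr_good[] = {
    0x80, 207, 0x00, 0x04,  0x11, 0x22, 0x33, 0x44,
    0x04, 0x00, 0x00, 0x02,  0, 0, 0, 1,  0, 0, 0, 2 };
static const uint8_t xr_bad[] = {
    0x80, 207, 0x00, 0x04,  0x11, 0x22, 0x33, 0x44,
    0x04, 0x00, 0x01, 0x00,  0, 0, 0, 1,  0, 0, 0, 2 };

int main(void)
{
    printf("good: %d\n", xr_count_blocks(xr_good, sizeof xr_good));
    printf("bad:  %d\n", xr_count_blocks(xr_bad, sizeof xr_bad));
    return 0;
}
```

The same rejection applies when the datagram is shorter than its own RTCP length field claims, which is why `received` is checked before any block header is touched.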

OS | OS Version | Architecture | Package | Package Version | Filename |
---|---|---|---|---|---|
ubuntu | 18.04 | noarch | asterisk | < any | UNKNOWN |
ubuntu | 20.04 | noarch | asterisk | < any | UNKNOWN |
ubuntu | 22.04 | noarch | asterisk | < any | UNKNOWN |
ubuntu | 23.10 | noarch | asterisk | < any | UNKNOWN |
ubuntu | 16.04 | noarch | asterisk | < any | UNKNOWN |
ubuntu | 18.04 | noarch | pjproject | < any | UNKNOWN |
ubuntu | 16.04 | noarch | pjproject | < any | UNKNOWN |
ubuntu | 18.04 | noarch | ring | < 20180228.1.503da2b~ds1-1ubuntu0.1~esm1 | UNKNOWN |
ubuntu | 20.04 | noarch | ring | < 20190215.1.f152c98~ds1-1+deb10u2build0.20.04.1 | UNKNOWN |
github.com/pjsip/pjproject/commit/f74c1fc22b760d2a24369aa72c74c4a9ab985859
github.com/pjsip/pjproject/pull/2924
github.com/pjsip/pjproject/security/advisories/GHSA-r374-qrwv-86hh
launchpad.net/bugs/cve/CVE-2021-43845
nvd.nist.gov/vuln/detail/CVE-2021-43845
security-tracker.debian.org/tracker/CVE-2021-43845
ubuntu.com/security/notices/USN-6422-1
www.cve.org/CVERecord?id=CVE-2021-43845