Out-of-Bounds Read

2022-03-1210:43:59

Veracode Vulnerability Database

sca.analysiscenter.veracode.com

0.003 Low

EPSS

Percentile

71.3%

JSON

pjproject is vulnerable to out of bounds read. The vulnerability exists due to the incoming RTCP BYE message contains a reason’s length, this declared length is not checked against the actual received packet size, potentially resulting in an out-of-bound read access.

CPENameOperatorVersion
pjproject:edgeeq2.11-r0
pjproject:edgeeq2.9-r0
pjproject:edgeeq2.11.1-r2
pjproject:edgeeq2.11.1-r0
asterisk:sideq1:16.15.0~dfsg-1
asterisk:bookwormeq1:16.16.1~dfsg-2
asterisk:bustereq1:16.2.1~dfsg-1+deb10u2
asterisk:bullseyeeq1:16.16.1~dfsg-1
pjproject:edgeeq2.11-r0
pjproject:edgeeq2.9-r0

Name	Operator	Version
pjproject:edge	eq	2.11-r0
pjproject:edge	eq	2.9-r0
pjproject:edge	eq	2.11.1-r2
pjproject:edge	eq	2.11.1-r0
asterisk:sid	eq	1:16.15.0~dfsg-1
asterisk:bookworm	eq	1:16.16.1~dfsg-2
asterisk:buster	eq	1:16.2.1~dfsg-1+deb10u2
asterisk:bullseye	eq	1:16.16.1~dfsg-1
pjproject:edge	eq	2.11-r0
pjproject:edge	eq	2.9-r0