Lucene search

K

Veracode Vulnerability DatabaseVERACODE:34628

HistoryMar 12, 2022 - 10:47 a.m.

Out-of-Bounds Read

2022-03-1210:47:02

Veracode Vulnerability Database

sca.analysiscenter.veracode.com

13

pjproject

out-of-bounds read

vulnerability

rtcp_xr.c

validation

rtcp xr

packet size

attacker

EPSS

0.003

Percentile

67.8%

pjproject is vulnerable to out of bounds read. The vulnerability exists in pjmedia_rtcp_xr_rx_rtcp_xr of rtcp_xr.c due to a lack of validation of received packet size which allows an attacker to send a RTCP XR message with an invalid packet size.

References

github.com/pjsip/pjproject/commit/f74c1fc22b760d2a24369aa72c74c4a9ab985859

github.com/pjsip/pjproject/pull/2924

github.com/pjsip/pjproject/security/advisories/GHSA-r374-qrwv-86hh

lists.debian.org/debian-lts-announce/2022/03/msg00035.html

lists.debian.org/debian-lts-announce/2022/11/msg00021.html

secdb.alpinelinux.org/edge/main.yaml

security.gentoo.org/glsa/202210-37

www.debian.org/security/2022/dsa-5285

EPSS

0.003

Percentile

67.8%

Related for VERACODE:34628

prion1 osv7 cvelist1 alpinelinux1 ubuntucve1 debiancve1 cve1 nvd1 fortinet1 openvas6 nessus7 debian4 gentoo1 ubuntu2