Test ID: | 1.3.6.1.4.1.25623.1.0.892962 |
Category: | Debian Local Security Checks |
Title: | Debian: Security Advisory (DLA-2962-1) |
Summary: | The remote host is missing an update for the Debian 'pjproject' package(s) announced via the DLA-2962-1 advisory. |
Description: | Summary: The remote host is missing an update for the Debian 'pjproject' package(s) announced via the DLA-2962-1 advisory.

Vulnerability Insight: Multiple security issues were discovered in pjproject, a free and open source multimedia communication library.

CVE-2021-32686: A race condition between callback and destroy, due to the accepted socket having no group lock. Second, the SSL socket parent/listener may get destroyed during handshake. These cause a crash, resulting in a denial of service.

CVE-2021-37706: When an incoming STUN message contains an ERROR-CODE attribute, the header length is not checked before performing a subtraction operation, potentially resulting in an integer underflow scenario. This issue affects all users that use STUN. A malicious actor located within the victim's network may forge and send a specially crafted UDP (STUN) message that could remotely execute arbitrary code on the victim's machine.

CVE-2021-41141: In various parts of PJSIP, when an error/failure occurs, the function returns without releasing the currently held locks. This could result in a system deadlock, which causes a denial of service for the users.

CVE-2021-43299: Stack overflow in PJSUA API when calling pjsua_player_create. An attacker-controlled filename argument may cause a buffer overflow since it is copied to a fixed-size stack buffer without any size validation.

CVE-2021-43300: Stack overflow in PJSUA API when calling pjsua_recorder_create. An attacker-controlled filename argument may cause a buffer overflow since it is copied to a fixed-size stack buffer without any size validation.

CVE-2021-43301: Stack overflow in PJSUA API when calling pjsua_playlist_create. An attacker-controlled file_names argument may cause a buffer overflow since it is copied to a fixed-size stack buffer without any size validation.

CVE-2021-43302: Read out-of-bounds in PJSUA API when calling pjsua_recorder_create. An attacker-controlled filename argument may cause an out-of-bounds read when the filename is shorter than 4 characters.

CVE-2021-43303: Buffer overflow in PJSUA API when calling pjsua_call_dump. An attacker-controlled buffer argument may cause a buffer overflow, since supplying an output buffer smaller than 128 characters may overflow the output buffer, regardless of the maxlen argument supplied.

CVE-2021-43804: An incoming RTCP BYE message contains a reason's length; this declared length is not checked against the actual received packet size, potentially resulting in an out-of-bound read access. A malicious actor can send an RTCP BYE message with an invalid reason length.

CVE-2021-43845: If an incoming RTCP XR message contains a block, the data field is not checked against the received packet size, potentially resulting in an out-of-bound read access.

CVE-2022-21722: Certain incoming RTP/RTCP packets can potentially cause out-of-bound read access. This issue affects all users that use PJMEDIA and accept incoming RTP/RTCP.

CVE-2022-21723: Parsing an incoming SIP message that contains a malformed ... [Please see the references for more information on the vulnerabilities]

Affected Software/OS: 'pjproject' package(s) on Debian 9.

Solution: Please install the updated package(s).

CVSS Score: 9.3
CVSS Vector: AV:N/AC:M/Au:N/C:C/I:C/A:C |
Cross-Ref: |
Common Vulnerability Exposure (CVE) ID: CVE-2021-32686
https://github.com/pjsip/pjproject/security/advisories/GHSA-cv8x-p47p-99wr
Debian Security Information: DSA-4999
https://www.debian.org/security/2021/dsa-4999
https://security.gentoo.org/glsa/202210-37
https://github.com/pjsip/pjproject/commit/d5f95aa066f878b0aef6a64e60b61e8626e664cd
https://github.com/pjsip/pjproject/pull/2716
https://github.com/pjsip/pjproject/releases/tag/2.11.1
https://lists.debian.org/debian-lts-announce/2022/03/msg00035.html

Common Vulnerability Exposure (CVE) ID: CVE-2021-37706
https://github.com/pjsip/pjproject/security/advisories/GHSA-2qpg-f6wf-w984
Debian Security Information: DSA-5285
https://www.debian.org/security/2022/dsa-5285
http://seclists.org/fulldisclosure/2022/Mar/0
http://packetstormsecurity.com/files/166225/Asterisk-Project-Security-Advisory-AST-2022-004.html
https://github.com/pjsip/pjproject/commit/15663e3f37091069b8c98a7fce680dc04bc8e865
https://lists.debian.org/debian-lts-announce/2022/11/msg00021.html
https://lists.debian.org/debian-lts-announce/2023/08/msg00038.html

Common Vulnerability Exposure (CVE) ID: CVE-2021-41141
https://github.com/pjsip/pjproject/security/advisories/GHSA-8fmx-hqw7-6gmc
https://github.com/pjsip/pjproject/commit/1aa2c0e0fb60a1b0bf793e0d834073ffe50fb196

Common Vulnerability Exposure (CVE) ID: CVE-2021-43299
https://github.com/pjsip/pjproject/security/advisories/GHSA-qcvw-h34v-c7r9

Common Vulnerability Exposure (CVE) ID: CVE-2021-43300

Common Vulnerability Exposure (CVE) ID: CVE-2021-43301

Common Vulnerability Exposure (CVE) ID: CVE-2021-43302

Common Vulnerability Exposure (CVE) ID: CVE-2021-43303

Common Vulnerability Exposure (CVE) ID: CVE-2021-43804
https://github.com/pjsip/pjproject/security/advisories/GHSA-3qx3-cg72-wrh9
https://github.com/pjsip/pjproject/commit/8b621f192cae14456ee0b0ade52ce6c6f258af1e

Common Vulnerability Exposure (CVE) ID: CVE-2021-43845
https://github.com/pjsip/pjproject/security/advisories/GHSA-r374-qrwv-86hh
https://github.com/pjsip/pjproject/commit/f74c1fc22b760d2a24369aa72c74c4a9ab985859
https://github.com/pjsip/pjproject/pull/2924

Common Vulnerability Exposure (CVE) ID: CVE-2022-21722
https://github.com/pjsip/pjproject/security/advisories/GHSA-m66q-q64c-hv36
https://github.com/pjsip/pjproject/commit/22af44e68a0c7d190ac1e25075e1382f77e9397a

Common Vulnerability Exposure (CVE) ID: CVE-2022-21723
https://github.com/pjsip/pjproject/security/advisories/GHSA-7fw8-54cv-r7pm
http://seclists.org/fulldisclosure/2022/Mar/2
http://packetstormsecurity.com/files/166227/Asterisk-Project-Security-Advisory-AST-2022-006.html
https://github.com/pjsip/pjproject/commit/077b465c33f0aec05a49cd2ca456f9a1b112e896

Common Vulnerability Exposure (CVE) ID: CVE-2022-23608
https://github.com/pjsip/pjproject/security/advisories/GHSA-ffff-m5fm-qm62
http://seclists.org/fulldisclosure/2022/Mar/1
http://packetstormsecurity.com/files/166226/Asterisk-Project-Security-Advisory-AST-2022-005.html
https://github.com/pjsip/pjproject/commit/db3235953baa56d2fb0e276ca510fefca751643f
https://lists.debian.org/debian-lts-announce/2022/03/msg00040.html

Common Vulnerability Exposure (CVE) ID: CVE-2022-24754
https://github.com/pjsip/pjproject/security/advisories/GHSA-73f7-48m9-w662
https://github.com/pjsip/pjproject/commit/d27f79da11df7bc8bb56c2f291d71e54df8d2c47

Common Vulnerability Exposure (CVE) ID: CVE-2022-24764
https://github.com/pjsip/pjproject/security/advisories/GHSA-f5qg-pqcg-765m
https://github.com/pjsip/pjproject/commit/560a1346f87aabe126509bb24930106dea292b00 |
Copyright | Copyright (C) 2022 Greenbone AG |