What is CVE-2021-43299?

CVE-2021-43299 is a vulnerability in Teluu Pjsip, classified under Stack-based Buffer Overflow. Published 2022-02-16.

Is CVE-2021-43299 known to be exploited?

2 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.

Buffer overflow in Teluu Pjsip

CVE-2021-43299

Stack overflow in PJSUA API when calling pjsua_player_create. An attacker-controlled 'filename' argument may cause a buffer overflow since it is copied to a fixed-size stack buffer without any size validation.

Vulnerability class: Buffer Overflow

EPSS: 0.004 (59.6th percentile) — read the EPSS interpretation.

Affected products

Teluu Pjsip — versions unspecified

Weakness classification (CWE)

CWE-121 — Stack-based Buffer Overflow

Public proof-of-concept exploits

References

github.com/pjsip/pjproject/security/advisories/GHSA-qcvw-h34v-c7r9
[debian-lts-announce] 20220328 [SECURITY] [DLA 2962-1] pjproject security update (mailing-list)
[debian-lts-announce] 20221117 [SECURITY] [DLA 3194-1] asterisk security update (mailing-list)
DSA-5285 (vendor-advisory)
[debian-lts-announce] 20230829 [SECURITY] [DLA 3549-1] ring security update (mailing-list)

Frequently asked questions

What is CVE-2021-43299?: CVE-2021-43299 is a vulnerability in Teluu Pjsip, classified under Stack-based Buffer Overflow. Published 2022-02-16.
Is CVE-2021-43299 known to be exploited?: 2 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.