What is CVE-2021-43301?

CVE-2021-43301 is a vulnerability in Teluu Pjsip, classified under Stack-based Buffer Overflow. Published 2022-02-16.

Is CVE-2021-43301 known to be exploited?

1 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.

Buffer overflow in Teluu Pjsip

CVE-2021-43301

Stack overflow in PJSUA API when calling pjsua_playlist_create. An attacker-controlled 'file_names' argument may cause a buffer overflow since it is copied to a fixed-size stack buffer without any size validation.

Vulnerability class: Buffer Overflow

EPSS: 0.004 (62.8th percentile) — read the EPSS interpretation.

Affected products

Teluu Pjsip — versions unspecified

Weakness classification (CWE)

CWE-121 — Stack-based Buffer Overflow

Public proof-of-concept exploits

nscuro/gotalias

References

github.com/pjsip/pjproject/security/advisories/GHSA-qcvw-h34v-c7r9
[debian-lts-announce] 20220328 [SECURITY] [DLA 2962-1] pjproject security update (mailing-list)
[debian-lts-announce] 20221117 [SECURITY] [DLA 3194-1] asterisk security update (mailing-list)
DSA-5285 (vendor-advisory)
[debian-lts-announce] 20230829 [SECURITY] [DLA 3549-1] ring security update (mailing-list)

Frequently asked questions

What is CVE-2021-43301?: CVE-2021-43301 is a vulnerability in Teluu Pjsip, classified under Stack-based Buffer Overflow. Published 2022-02-16.
Is CVE-2021-43301 known to be exploited?: 1 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.