What is CVE-2021-43302?

CVE-2021-43302 is a vulnerability in Teluu Pjsip, classified under Out-of-bounds Read. Published 2022-02-16.

Is CVE-2021-43302 known to be exploited?

1 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.

Out-of-bounds Read in Teluu Pjsip

CVE-2021-43302

Read out-of-bounds in PJSUA API when calling pjsua_recorder_create. An attacker-controlled 'filename' argument may cause an out-of-bounds read when the filename is shorter than 4 characters.

Vulnerability class: Buffer Overflow

EPSS: 0.003 (55.5th percentile) — read the EPSS interpretation.

Affected products

Teluu Pjsip — versions unspecified

Weakness classification (CWE)

CWE-125 — Out-of-bounds Read

Public proof-of-concept exploits

nscuro/gotalias

References

github.com/pjsip/pjproject/security/advisories/GHSA-qcvw-h34v-c7r9
[debian-lts-announce] 20220328 [SECURITY] [DLA 2962-1] pjproject security update (mailing-list)
[debian-lts-announce] 20221117 [SECURITY] [DLA 3194-1] asterisk security update (mailing-list)
DSA-5285 (vendor-advisory)
[debian-lts-announce] 20230829 [SECURITY] [DLA 3549-1] ring security update (mailing-list)

Frequently asked questions

What is CVE-2021-43302?: CVE-2021-43302 is a vulnerability in Teluu Pjsip, classified under Out-of-bounds Read. Published 2022-02-16.
Is CVE-2021-43302 known to be exploited?: 1 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.