What is CVE-2021-43303?

CVE-2021-43303 is a vulnerability in Teluu Pjsip, classified under Buffer Copy without Checking Size of Input (Classic Buffer Overflow). Published 2022-02-16.

Is CVE-2021-43303 known to be exploited?

1 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.

Buffer overflow in Teluu Pjsip

CVE-2021-43303

Buffer overflow in PJSUA API when calling pjsua_call_dump. An attacker-controlled 'buffer' argument may cause a buffer overflow, since supplying an output buffer smaller than 128 characters may overflow the output buffer, regardless of the…

Vulnerability class: Buffer Overflow

EPSS: 0.004 (62.8th percentile) — read the EPSS interpretation.

Affected products

Teluu Pjsip — versions unspecified

Weakness classification (CWE)

CWE-120 — Buffer Copy without Checking Size of Input (Classic Buffer Overflow)

Public proof-of-concept exploits

nscuro/gotalias

References

github.com/pjsip/pjproject/security/advisories/GHSA-qcvw-h34v-c7r9
[debian-lts-announce] 20220328 [SECURITY] [DLA 2962-1] pjproject security update (mailing-list)
[debian-lts-announce] 20221117 [SECURITY] [DLA 3194-1] asterisk security update (mailing-list)
DSA-5285 (vendor-advisory)
[debian-lts-announce] 20230829 [SECURITY] [DLA 3549-1] ring security update (mailing-list)

Frequently asked questions

What is CVE-2021-43303?: CVE-2021-43303 is a vulnerability in Teluu Pjsip, classified under Buffer Copy without Checking Size of Input (Classic Buffer Overflow). Published 2022-02-16.
Is CVE-2021-43303 known to be exploited?: 1 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.