cbcvebase.
CVE-2021-43300
published 2022-02-16

CVE-2021-43300: Stack overflow in PJSUA API when calling pjsua_recorder_create. An attacker-controlled 'filename' argument may cause a buffer overflow since it is copied to a…

PriorityP359critical9.8CVSS 3.1
AVNACLPRNUINSUCHIHAH
EPSS
2.34%
81.5th percentile
Stack overflow in PJSUA API when calling pjsua_recorder_create. An attacker-controlled 'filename' argument may cause a buffer overflow since it is copied to a fixed-size stack buffer without any size validation.

Affected

9 ranges
VendorProductVersion rangeFixed in
debianasterisk< asterisk 1:16.28.0~dfsg-0+deb11u1 (bullseye)asterisk 1:16.28.0~dfsg-0+deb11u1 (bullseye)
debiandebian_linux
debiandebian_linux
debiandebian_linux
debianring< asterisk 1:16.28.0~dfsg-0+deb11u1 (bullseye)asterisk 1:16.28.0~dfsg-0+deb11u1 (bullseye)
pjsippjproject>= 0 < 2.1.0.0.ast20130823-1+deb8u1ubuntu0.1~esm12.1.0.0.ast20130823-1+deb8u1ubuntu0.1~esm1
pjsippjproject>= 0 < 2.7.2~dfsg-1ubuntu0.1~esm12.7.2~dfsg-1ubuntu0.1~esm1
teluupjsip<= 2.11.1
teluupjsipunspecified – 2.11.1

CVSS provenance

nvdv3.19.8CRITICALCVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
nvdv2.07.5HIGHAV:N/AC:L/Au:N/C:P/I:P/A:P
osv9.8CRITICAL
vendor_debian9.8CRITICAL
vendor_ubuntu9.8CRITICAL
Stop checking back — get the weekly exploitation signal.

Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.