Debian Ring vulnerabilities
27 known vulnerabilities affecting debian/ring.
Total CVEs: 27
CISA KEV: 0
Public exploits: 0
Exploited in wild: 0
Severity breakdown: CRITICAL 11, HIGH 10, MEDIUM 5, LOW 1
Vulnerabilities
Page 2 of 2
CVE-2021-43303 | CRITICAL | CVSS 9.8 | fixed in asterisk 1:16.28.0~dfsg-0+deb11u1 (bullseye) | 2021
Buffer overflow in PJSUA API when calling pjsua_call_dump. An attacker-controlled 'buffer' argument may cause a buffer overflow, since supplying an output buffer smaller than 128 characters may overflow the output buffer, regardless of the 'maxlen' argument supplied
Scope: local
bullseye: resolved (fixed in 1:16.28.0~dfsg-0+deb11u1)
sid: resolved (fixed in 1:18
CVE-2021-43804 | HIGH | CVSS 7.3 | fixed in asterisk 1:16.28.0~dfsg-0+deb11u1 (bullseye) | 2021
PJSIP is a free and open source multimedia communication library written in C language implementing standard based protocols such as SIP, SDP, RTP, STUN, TURN, and ICE. In affected versions if the incoming RTCP BYE message contains a reason's length, this declared length is not checked against the actual received packet size, potentially resulting in an out-of-boun
CVE-2021-37706 | HIGH | CVSS 7.3 | fixed in asterisk 1:16.28.0~dfsg-0+deb11u1 (bullseye) | 2021
PJSIP is a free and open source multimedia communication library written in C language implementing standard based protocols such as SIP, SDP, RTP, STUN, TURN, and ICE. In affected versions if the incoming STUN message contains an ERROR-CODE attribute, the header length is not checked before performing a subtraction operation, potentially resulting in an integer un
CVE-2021-43845 | HIGH | CVSS 8.2 | fixed in asterisk 1:16.28.0~dfsg-0+deb11u1 (bullseye) | 2021
PJSIP is a free and open source multimedia communication library. In version 2.11.1 and prior, if incoming RTCP XR message contain block, the data field is not checked against the received packet size, potentially resulting in an out-of-bound read access. This affects all users that use PJMEDIA and RTCP XR. A malicious actor can send a RTCP XR message with an inval
CVE-2021-21375 | MEDIUM | CVSS 6.5 | fixed in ring 20210112.2.b757bac~ds1-1 (bookworm) | 2021
PJSIP is a free and open source multimedia communication library written in C language implementing standard based protocols such as SIP, SDP, RTP, STUN, TURN, and ICE. In PJSIP version 2.10 and earlier, after an initial INVITE has been sent, when two 183 responses are received, with the first one causing negotiation failure, a crash will occur. This results in a den
CVE-2021-32686 | MEDIUM | CVSS 5.9 | fixed in asterisk 1:16.16.1~dfsg-1+deb11u1 (bullseye) | 2021
PJSIP is a free and open source multimedia communication library written in C language implementing standard based protocols such as SIP, SDP, RTP, STUN, TURN, and ICE. In PJSIP before version 2.11.1, there are a couple of issues found in the SSL socket. First, a race condition between callback and destroy, due to the accepted socket having no group lock. Second,
CVE-2020-15260 | MEDIUM | CVSS 6.8 | fixed in ring 20210112.2.b757bac~ds1-1 (bookworm) | 2020
PJSIP is a free and open source multimedia communication library written in C language implementing standard based protocols such as SIP, SDP, RTP, STUN, TURN, and ICE. In version 2.10 and earlier, PJSIP transport can be reused if they have the same IP address + port + protocol. However, this is insufficient for secure transport since it lacks remote hostname authent