Stack overflow in PJLIB leads to remote code execution when invoking pjsua_player_create with malicious input
Affected versions: PJLIB (, 2.11.1] (all releases up to and including 2.11.1); fixed in 2.12
CVE-2021-43299 was found in pjsua_player_create (object-oriented wrapper: AudioMediaPlayer::createPlayer), which creates a file player and automatically adds that player to the conference bridge.
Attackers who can remotely control the contents of the filename argument passed to pjsua_player_create may be able to achieve remote code execution.
The function contains a stack-based buffer overflow: filename->ptr is copied into the fixed-size stack buffer path without first verifying that filename->slen (the filename length) fits within path's allocated size, PJ_MAXPATH (260 bytes). Because the length is taken from attacker-controlled input, passing a filename longer than 260 characters overruns path and corrupts adjacent stack data, which is what makes code execution possible.
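The following is an added example, not PJSIP's own code: a minimal re-creation of the unchecked copy pattern the advisory describes, placed beside the length check it lacks, driven through a PJ_MAXPATH-sized stack buffer the way pjsua_player_create would. The ex_str type, the ex_-prefixed functions and the EX_ error codes are invented for this example (they stand in for pj_str_t and for PJSIP's status codes); only the PJ_MAXPATH value of 260 is taken from the text above. The check rejects lengths of PJ_MAXPATH or more, because the terminating NUL written after the copy needs one byte of its own.

```c
/* Added example (not PJSIP code): the copy pattern behind CVE-2021-43299
 * next to the bounds check that is missing. ex_* names and EX_* codes are
 * invented here; PJ_MAXPATH is the value quoted in the advisory. */
#include <stdio.h>
#include <string.h>

#define PJ_MAXPATH 260   /* value quoted in the advisory */

/* Simplified stand-in for PJSIP's pj_str_t: a pointer plus a length, not
 * necessarily NUL-terminated, and attacker-controlled in this scenario. */
typedef struct ex_str {
    const char *ptr;
    long slen;
} ex_str;

enum { EX_SUCCESS = 0, EX_ENAMETOOLONG = 1, EX_EINVAL = 2 };

/* The vulnerable shape: copy slen bytes, then write the terminator, with
 * nothing comparing slen against the size of path. With slen >= PJ_MAXPATH
 * the copy (or at least the terminating NUL) lands past the caller's stack
 * buffer. Kept only for contrast; never call it with slen >= sizeof(path). */
void ex_copy_unchecked(const ex_str *filename, char *path)
{
    memcpy(path, filename->ptr, (size_t)filename->slen);
    path[filename->slen] = '\0';
}

/* Hardened shape: validate the length before touching the buffer. The
 * terminator needs one byte, so the largest acceptable slen is path_size - 1. */
int ex_copy_checked(const ex_str *filename, char *path, size_t path_size)
{
    if (filename == NULL || filename->ptr == NULL || filename->slen < 0)
        return EX_EINVAL;
    if ((size_t)filename->slen >= path_size)
        return EX_ENAMETOOLONG;
    memcpy(path, filename->ptr, (size_t)filename->slen);
    path[filename->slen] = '\0';
    return EX_SUCCESS;
}

/* Builds a constructed filename of name_len 'A' characters and runs the
 * checked copy into a PJ_MAXPATH stack buffer, as a player-create call
 * would; returns the EX_ status code. */
int ex_player_create_path(long name_len)
{
    static char name[1024];          /* constructed input, all 'A's */
    char path[PJ_MAXPATH];           /* the fixed-size stack buffer */
    ex_str filename;

    if (name_len < 0 || name_len > (long)sizeof(name))
        return EX_EINVAL;
    memset(name, 'A', (size_t)name_len);
    filename.ptr = name;
    filename.slen = name_len;

    int rc = ex_copy_checked(&filename, path, sizeof(path));
    /* On success the buffer must hold exactly the bytes that were copied. */
    if (rc == EX_SUCCESS && strlen(path) != (size_t)name_len)
        return EX_EINVAL;
    return rc;
}

int main(void)
{
    long lens[] = { 10, PJ_MAXPATH - 1, PJ_MAXPATH, 300 };
    for (size_t i = 0; i < sizeof(lens) / sizeof(lens[0]); i++)
        printf("slen=%ld -> status %d\n", lens[i], ex_player_create_path(lens[i]));
    return 0;
}
```

Running it shows lengths 10 and 259 succeeding and lengths 260 and 300 rejected with EX_ENAMETOOLONG before any byte is written to path; the unchecked variant has no such branch, which is the whole defect.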
No PoC is supplied for this vulnerability.
No mitigations are provided for this vulnerability.
In order to fully fix this vulnerability, we recommend upgrading PJSIP to version 2.12.
(JFrog) 5 New Vulnerabilities Discovered in PJSIP Open Source Library