Read out-of-bounds in PJLIB leads to denial of service when invoking
pjsua_recorder_create with malicious input.
PJLIB (, 2.1.11], fixed in 2.12
CVE-2021-43302 was found in
pjsua_recorder_create (OO wrapper -
AudioMediaRecorder::createRecorder) which creates a file recorder and automatically connects this recorder to the conference bridge.
Attackers that can remotely control the contents of the
filename argument of
pjsua_recorder_create may cause a denial of service.
This function contains a read out of bounds vulnerability since it does not check if the length of
filename is at least 4. If
filename is shorter than 4,
pj_stricmp2 will cause a read out-of-bounds in a string comparison operation.
No PoC is supplied for this vulnerability.
No mitigations are provided for this vulnerability.
In order to fully fix this vulnerability, we recommend upgrading PJSIP to version 2.12.