Stack overflow in PJLIB leads to remote code execution when invoking pjsua_recorder_create with malicious input
PJLIB (, 2.1.11], fixed in 2.12
CVE-2021-43300 was found in pjsua_recorder_create (OO wrapper - AudioMediaRecorder::createRecorder), which creates a file recorder and automatically connects this recorder to the conference bridge.
Attackers that can remotely control the contents of the filename argument of pjsua_recorder_create may cause remote code execution.
This function contains a stack overflow vulnerability: filename->ptr is copied via memcpy to the path stack variable without checking that filename->slen is at most the allocated size of path, which is PJ_MAXPATH (260).
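The copy pattern described above, next to a length-checked form, as an added example that is not PJSIP's code and not the project's actual patch. The str_t type, MAXPATH macro and function names are stand-ins assumed for illustration; only the 260-byte size and the ptr/slen fields come from the advisory.

```c
#include <stddef.h>
#include <string.h>

#define MAXPATH 260 /* same value the advisory gives for PJ_MAXPATH */

/* Stand-in for a counted string: ptr is not NUL-terminated, slen is signed. */
typedef struct { const char *ptr; ptrdiff_t slen; } str_t;

/* Pattern from the advisory: the length is caller-controlled and is never
 * compared with the destination size. Shown for contrast only. */
void copy_path_unchecked(char *path, const str_t *filename)
{
    memcpy(path, filename->ptr, (size_t)filename->slen);
    path[filename->slen] = '\0';
}

/* Checked form: refuse before copying. Returns 0 on success, -1 when the
 * name is missing, has a negative length, or does not fit together with
 * its terminating NUL byte. */
int copy_path_checked(char *path, size_t path_size, const str_t *filename)
{
    if (!path || !filename || !filename->ptr || filename->slen < 0)
        return -1;
    if ((size_t)filename->slen >= path_size)
        return -1;
    memcpy(path, filename->ptr, (size_t)filename->slen);
    path[filename->slen] = '\0';
    return 0;
}

/* Constructed sample input: an n-byte recorder file name ending in ".wav".
 * Returns the stored length, -1 if rejected, -2 if n is out of test range. */
int try_record_name(size_t n)
{
    char path[MAXPATH];
    char name[1024];
    str_t filename;

    if (n < 4 || n > sizeof(name))
        return -2;
    memset(name, 'A', n);
    memcpy(name + n - 4, ".wav", 4);
    filename.ptr = name;
    filename.slen = (ptrdiff_t)n;
    if (copy_path_checked(path, sizeof(path), &filename) != 0)
        return -1;
    return (int)strlen(path);
}
```

The boundary is at 259 bytes: a 260-byte name is rejected because the terminator would land one byte past the end of path.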
No PoC is supplied for this vulnerability.
No mitigations are provided for this vulnerability.
In order to fully fix this vulnerability, we recommend upgrading PJSIP to version 2.12.
(JFrog) 5 New Vulnerabilities Discovered in PJSIP Open Source Library