critical
9.8
CWE
191
Advisory Published
Updated

CVE-2021-37706: Potential integer underflow upon receiving STUN message in PJSIP

First published: Wed Dec 22 2021(Updated: )

PJSIP is a free and open source multimedia communication library written in C language implementing standard based protocols such as SIP, SDP, RTP, STUN, TURN, and ICE. In affected versions if the incoming STUN message contains an ERROR-CODE attribute, the header length is not checked before performing a subtraction operation, potentially resulting in an integer underflow scenario. This issue affects all users that use STUN. A malicious actor located within the victim’s network may forge and send a specially crafted UDP (STUN) message that could remotely execute arbitrary code on the victim’s machine. Users are advised to upgrade as soon as possible. There are no known workarounds.

Credit: security-advisories@github.com security-advisories@github.com security-advisories@github.com

Affected SoftwareAffected VersionHow to fix
Teluu PJSIP<=2.11.1
Asterisk Certified Asterisk<16.8.0
Asterisk Certified Asterisk=16.8.0
Asterisk Certified Asterisk=16.8.0-cert1
Asterisk Certified Asterisk=16.8.0-cert10
Asterisk Certified Asterisk=16.8.0-cert11
Asterisk Certified Asterisk=16.8.0-cert12
Asterisk Certified Asterisk=16.8.0-cert2
Asterisk Certified Asterisk=16.8.0-cert3
Asterisk Certified Asterisk=16.8.0-cert4
Asterisk Certified Asterisk=16.8.0-cert5
Asterisk Certified Asterisk=16.8.0-cert6
Asterisk Certified Asterisk=16.8.0-cert7
Asterisk Certified Asterisk=16.8.0-cert8
Asterisk Certified Asterisk=16.8.0-cert9
Sangoma Asterisk>=16.0.0<16.24.1
Sangoma Asterisk>=18.0.0<18.10.1
Sangoma Asterisk>=19.0.0<19.2.1
Debian Debian Linux=9.0
Debian Debian Linux=10.0
ubuntu/ring<20180228.1.503
20180228.1.503
ubuntu/ring<20190215.1.
20190215.1.
ubuntu/ring<20230206.0~
20230206.0~
ubuntu/ring<20230206.0~
20230206.0~
debian/asterisk
1:16.28.0~dfsg-0+deb10u4
1:16.28.0~dfsg-0+deb11u3
1:16.28.0~dfsg-0+deb11u4
1:20.6.0~dfsg+~cs6.13.40431414-2
debian/ring<=20190215.1.f152c98~ds1-1+deb10u1<=20210112.2.b757bac~ds1-1<=20230206.0~ds2-1.1
20190215.1.f152c98~ds1-1+deb10u2
20231201.0~ds1-1

Remedy

http://seclists.org/fulldisclosure/2022/Mar/0

Remedy

https://github.com/pjsip/pjproject/commit/15663e3f37091069b8c98a7fce680dc04bc8e865

Remedy

https://github.com/pjsip/pjproject/security/advisories/GHSA-2qpg-f6wf-w984

Never miss a vulnerability like this again

Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.

Read MoreStart Free Trial

Reference Links

Parent vulnerabilities

(Appears in the following advisories)

Frequently Asked Questions

  • What is CVE-2021-37706?

    CVE-2021-37706 is a vulnerability in the PJSIP library that allows an attacker to execute arbitrary code or cause a denial-of-service.

  • Which software versions are affected by CVE-2021-37706?

    Versions up to and including PJSIP 2.11.1, Asterisk Certified Asterisk 16.8.0, Sangoma Asterisk 16.0.0 to 16.24.1, Sangoma Asterisk 18.0.0 to 18.10.1, Sangoma Asterisk 19.0.0 to 19.2.1, Debian Debian Linux 9.0 and 10.0, and Ubuntu ring package versions 20180228.1.503, 20190215.1., and 20230206.0~ are affected by CVE-2021-37706.

  • What is the severity of CVE-2021-37706?

    CVE-2021-37706 has a severity rating of 9.8 (Critical).

  • How does CVE-2021-37706 work?

    CVE-2021-37706 works by exploiting a vulnerability in the way PJSIP handles incoming STUN messages with an ERROR-CODE attribute, allowing an attacker to bypass header length checks and potentially execute arbitrary code or cause a denial-of-service.

  • How can I mitigate CVE-2021-37706?

    To mitigate CVE-2021-37706, it is recommended to update to a patched version of the affected software as soon as it becomes available. Additionally, network-level defenses such as firewalls and intrusion detection systems may help detect and block exploitation attempts.

Company

Resources

Contact

SecAlerts Pty Ltd.
132 Wickham Terrace
Fortitude Valley,
QLD 4006, Australia
info@secalerts.co
By using SecAlerts services, you agree to our services end-user license agreement. This website is safeguarded by reCAPTCHA and governed by the Google Privacy Policy and Terms of Service. All names, logos, and brands of products are owned by their respective owners, and any usage of these names, logos, and brands for identification purposes only does not imply endorsement. If you possess any content that requires removal, please get in touch with us.
© 2024 SecAlerts Pty Ltd.
ABN: 70 645 966 203, ACN: 645 966 203