Potential stack buffer overflow when parsing message as a STUN client

Critical
sauwming published GHSA-26j7-ww69-c4qj Jun 7, 2022

Package

No package listed

Affected versions

2.12.1 or lower

Patched versions

2.13 or later

Description

Impact

This is a stack buffer overflow vulnerability that affects PJSIP users who use STUN in their applications, either by:

  • setting a STUN server in their account/media config at the PJSUA/PJSUA2 level, or
  • directly using the pjlib-util/stun_simple API.
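
The advisory does not show the affected code. The following is an added example, not PJSIP code and not the patch itself, of the bounds checks a STUN client parser needs when it stores attributes from a network message in a fixed-size structure that may live on the stack. The names `stun_parse`, `demo_parse_n`, `MAX_ATTRS` and the return codes are assumptions made for illustration.

```c
#include <stddef.h>
#include <stdint.h>

#define STUN_HDR_LEN 20  /* type(2) + length(2) + 16-byte id (RFC 3489), or cookie + 12-byte id (RFC 5389) */
#define MAX_ATTRS    16  /* capacity of the fixed-size attribute table (assumed value) */

struct stun_attr { uint16_t type; uint16_t len; const uint8_t *val; };
struct stun_msg  { uint16_t type; size_t attr_count; struct stun_attr attr[MAX_ATTRS]; };

static uint16_t rd16(const uint8_t *p) { return (uint16_t)((p[0] << 8) | p[1]); }

/* Returns 0 on success, a negative code on malformed or oversized input. */
int stun_parse(const uint8_t *buf, size_t len, struct stun_msg *msg)
{
    size_t off = STUN_HDR_LEN, end;
    if (len < STUN_HDR_LEN) return -1;            /* too short for a header */
    msg->type = rd16(buf);
    msg->attr_count = 0;
    end = STUN_HDR_LEN + (size_t)rd16(buf + 2);
    if (end != len) return -2;                    /* declared length must match the datagram */

    while (off < end) {
        uint16_t alen;
        size_t padded;
        if (end - off < 4) return -3;             /* truncated attribute header */
        alen = rd16(buf + off + 2);
        padded = ((size_t)alen + 3) & ~(size_t)3; /* values are aligned to 4 bytes */
        if (padded > end - off - 4) return -4;    /* value would run past the message */
        if (msg->attr_count >= MAX_ATTRS) return -5; /* table full: reject, never write past it */
        msg->attr[msg->attr_count].type = rd16(buf + off);
        msg->attr[msg->attr_count].len  = alen;
        msg->attr[msg->attr_count].val  = buf + off + 4;
        msg->attr_count++;
        off += 4 + padded;
    }
    return 0;
}

/* Constructed sample: a Binding Response carrying n attributes with 4-byte zeroed values. */
int demo_parse_n(unsigned n)
{
    uint8_t buf[STUN_HDR_LEN + 8 * (MAX_ATTRS + 4)] = {0};
    struct stun_msg msg;                          /* parser output lives on the stack */
    size_t body = 8 * (size_t)n, i;
    if (n > MAX_ATTRS + 4) return -100;           /* sample buffer cannot hold more */
    buf[0] = 0x01; buf[1] = 0x01;                 /* message type 0x0101 */
    buf[2] = (uint8_t)(body >> 8); buf[3] = (uint8_t)body;
    for (i = 0; i < n; i++) { uint8_t *a = buf + STUN_HDR_LEN + 8 * i; a[1] = 0x01; a[3] = 4; }
    return stun_parse(buf, STUN_HDR_LEN + body, &msg);
}
```

Every length taken from the message is checked against the bytes actually received, and the attribute count is checked against the table capacity before each write.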

Patches

The patch is available as commit 450baca in the master branch.

For more information

If you have any questions or comments about this advisory:
Email us at [email protected]

Severity

Critical

CVE ID

CVE-2022-31031
