Cossack9989

**Name of the Vulnerable Software and Affected Versions** joblib version 1.4.2 **Description** A deserialization issue was found in the joblib.numpy pickle::NumpyArrayWrapper().read array() component. This issue is disputed by the supplier, who claims that NumpyArrayWrapper is only used during caching of trusted content. **Recommendations** For joblib version 1.4.2, at the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** OpenSIPS versions prior to 3.1.9 and 3.2.6 **Description** OpenSIPS is a Session Initiation Protocol (SIP) server implementation. If the `ds is in list()` function is used with an invalid IP address string, OpenSIPS will attempt to print a string from a random address, which could lead to a crash. All users of `ds is in list()` without the `$si` variable as the 1st parameter could be affected by this issue to a larger, lesser, or no extent at all, depending on if the data passed to the function is a valid IPv4 or IPv6 address string or not. **Recommendations** For versions prior to 3.1.9, update to version 3.1.9 or later. For versions prior to 3.2.6, update to version 3.2.6 or later. As a temporary workaround, consider avoiding the use of the `ds is in list()` function with invalid IP address strings until a patch is available.

**Name of the Vulnerable Software and Affected Versions** PJSIP versions prior to and including 2.12.1 **Description** PJSIP is a free and open source multimedia communication library written in C language implementing standard based protocols such as SIP, SDP, RTP, STUN, TURN, and ICE. A stack buffer overflow vulnerability affects PJSIP users that use STUN in their applications, either by setting a STUN server in their account/media config in PJSUA/PJSUA2 level, or directly using `pjlib-util/stun simple` API. **Recommendations** For versions prior to and including 2.12.1, apply the patch available in commit 450baca to resolve the issue. As a temporary workaround, consider disabling the use of STUN in applications until the patch is applied. Restrict access to the `pjlib-util/stun simple` API to minimize the risk of exploitation. Avoid setting a STUN server in account/media config in PJSUA/PJSUA2 level until the issue is resolved.

**Name of the Vulnerable Software and Affected Versions** Sofia-SIP versions prior to 1.13.8 **Description** Sofia-SIP is an open-source Session Initiation Protocol (SIP) User-Agent library. When parsing each line of a sdp message, `rest = record + 2` will access the memory behind `0` and cause an out-of-bounds write. An attacker can send a message with evil sdp to FreeSWITCH, causing a crash or more serious consequence, such as remote code execution. **Recommendations** For versions prior to 1.13.8, update to version 1.13.8 to resolve the issue. As a temporary workaround, consider restricting the parsing of sdp messages to prevent potential crashes or remote code execution. Avoid using the vulnerable `rest = record + 2` line in the sdp message parsing function until the issue is resolved.

**Name of the Vulnerable Software and Affected Versions** Sofia-SIP versions prior to 1.13.8 **Description** Sofia-SIP is an open-source Session Initiation Protocol (SIP) User-Agent library. An attacker can send a message with evil sdp to FreeSWITCH, which may cause a crash. This type of crash may be caused by a URL ending with `%`. **Recommendations** For versions prior to 1.13.8, update to version 1.13.8 to resolve the issue. As a temporary workaround, consider restricting the handling of URLs ending with `%` to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** Sofia-SIP versions prior to 1.13.8 **Description** Sofia-SIP is an open-source Session Initiation Protocol (SIP) User-Agent library. An attacker can send a message with malicious sdp to FreeSWITCH, which may cause a crash. This type of crash may be caused by `#define MATCH(s, m) (strncmp(s, m, n = sizeof(m) - 1) == 0)`, which will make `n` bigger and trigger out-of-bound access when `IS NON WS(s[n])`. **Recommendations** For versions prior to 1.13.8, update to version 1.13.8 to resolve the issue. As a temporary workaround, consider restricting the handling of sdp messages from untrusted sources until the patch is applied.

**Name of the Vulnerable Software and Affected Versions** PJSIP versions 2.12 and prior **Description** The issue is related to the implementation of the `pjmedia rtcp fb parse rpsi()` function in the PJSIP multimedia communication library. It is associated with a buffer overflow in memory when processing an incoming RPSI (Reference Picture Selection Indication) packet. Exploitation of this issue may allow a remote attacker to execute arbitrary code or cause a denial of service. **Recommendations** For PJSIP versions 2.12 and prior, a patch is available in the `master` branch of the `pjsip/pjproject` GitHub repository. As a temporary workaround, consider disabling the use of `pjmedia rtcp fb parse rpsi()` function until a patch is applied. There are currently no known workarounds other than applying the patch.

**Name of the Vulnerable Software and Affected Versions** PJSIP versions 2.12 and prior **Description** The issue is related to a buffer overflow vulnerability in the PJSIP library's DNS resolution implementation. This vulnerability can be exploited by a remote attacker to execute arbitrary code on the target system. The vulnerability occurs due to a lack of size checking on input data when processing DNS packets, which can lead to a heap buffer overflow. **Recommendations** For PJSIP versions 2.12 and prior, consider disabling DNS resolution in PJSIP config by setting `nameserver count` to zero as a temporary workaround. Update to a version that includes the patch available in the `master` branch of the `pjsip/pjproject` GitHub repository. Alternatively, use an external resolver instead of the built-in PJSIP DNS resolution to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** PJSIP versions prior to 2.12 **Description** The issue is related to a denial-of-service condition that can be triggered by an infinite loop during XML parsing. This can allow a remote attacker to cause a denial-of-service. The vulnerability affects PJSIP users that consume PJSIP's XML parsing in their apps. **Recommendations** For versions prior to 2.12, update to a newer version to resolve the issue. As a temporary workaround, consider restricting the use of PJSIP's XML parsing functionality until a patch is available. There are no known workarounds for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** PJSIP versions prior to and including 2.12 **Description** The issue is a stack-buffer overflow vulnerability in the PJSIP library, which only impacts users who accept hashed digest credentials with data type `PJSIP CRED DATA DIGEST`. This vulnerability can be exploited by a remote attacker to cause a denial of service or execute arbitrary code. The vulnerability is related to the `pjsip auth create digest()` function and can lead to memory damage. **Recommendations** For versions prior to and including 2.12, users should check that the hashed digest data length is equal to `PJSIP MD5STRLEN` before passing it to PJSIP. As a temporary workaround, consider adding a length check for the hashed digest data to prevent the stack-buffer overflow. Users should upgrade to a newer version once it is available, as the issue has been patched in the master branch of the PJSIP repository.

**Name of the Vulnerable Software and Affected Versions** Draytek Vigor3900 versions prior to 1.5.1.1 Draytek Vigor2960 versions prior to 1.5.1.1 Draytek Vigor300B versions prior to 1.5.1.1 **Description** The issue concerns command-injection vulnerabilities in the mainfunction.cgi file of the affected devices. This vulnerability exists due to inadequate data cleaning at the management level, allowing a remote attacker to inject arbitrary commands. **Recommendations** For Draytek Vigor3900 versions prior to 1.5.1.1, update to version 1.5.1.1 or later. For Draytek Vigor2960 versions prior to 1.5.1.1, update to version 1.5.1.1 or later. For Draytek Vigor300B versions prior to 1.5.1.1, update to version 1.5.1.1 or later. As a temporary workaround, consider restricting access to the mainfunction.cgi file until a patch is available.