
Highsauwming

#14045 of 53,630
19.2 Total CVSS
Vulnerabilities · 2
Critical · 2
PT-2021-6170
9.8
2020-07-06
Pjsip · Pjsip · CVE-2021-37706
**Name of the Vulnerable Software and Affected Versions**

PJSIP (affected versions not specified)

**Description**

The issue is related to an integer underflow scenario when processing a STUN message with an ERROR-CODE attribute. This can be exploited by a malicious actor located within the victim's network, who may forge and send a specially crafted UDP (STUN) message to remotely execute arbitrary code on the victim's machine. The problem affects all users that use STUN.

**Recommendations**

At the moment, there is no information about a newer version that contains a fix for this vulnerability.
PT-2022-2183
9.4
2020-07-06
Pjsip · Pjsip · CVE-2022-21723
**Name of the Vulnerable Software and Affected Versions**

PJSIP versions 2.11.1 and prior

**Description**

The issue is related to a potential out-of-bound read access when parsing an incoming SIP message that contains a malformed multipart. This affects all PJSIP users that accept SIP multipart. The problem can be exploited by a remote attacker to cause a denial of service.

**Recommendations**

For PJSIP versions 2.11.1 and prior, update to a version that includes the patch available in the `master` branch, as there are no known workarounds for this issue. As a temporary workaround, consider restricting the acceptance of SIP multipart messages until the patch is applied.