Sauwming

**Name of the Vulnerable Software and Affected Versions** PJSIP versions prior to 2.17 **Description** A heap out-of-bounds read exists in the VP9 RTP unpacketizer when parsing crafted VP9 Scalability Structure (SS) data. This occurs due to insufficient bounds checking on the payload descriptor length, which may lead to reads beyond the allocated RTP payload buffer. **Recommendations** Update to version 2.17. As a temporary workaround, disable the VP9 codec if it is not required.

**Name of the Vulnerable Software and Affected Versions** PJSIP versions 2.16 and below **Description** PJSIP is a free and open source multimedia communication library written in C. Versions 2.16 and below contain a cascading out-of-bounds heap read in the `pjsip multipart parse()` function. After boundary string matching, the `curptr` variable is advanced past the delimiter without verifying it has not reached the buffer end, allowing 1-2 bytes of adjacent heap memory to be read. All applications that process incoming SIP messages with multipart bodies or SDP content are potentially affected. **Recommendations** Upgrade to version 2.17.

**Name of the Vulnerable Software and Affected Versions** PJSIP versions 2.16 and below **Description** PJSIP is a free and open source multimedia communication library written in C. Versions 2.16 and below contain a Heap-based Buffer Overflow in the DNS parser's name length handler. This impacts applications using PJSIP’s built-in DNS resolver, such as those configured with `pjsua config.nameserver` or `UaConfig.nameserver` in PJSUA/PJSUA2. Users who rely on the operating system resolver (e.g., `getaddrinfo()`) by not configuring a nameserver, or those using an external resolver via `pjsip resolver set ext resolver()`, are not affected. **Recommendations** Versions 2.16 and below: Upgrade to version 2.17 or disable DNS resolution in the PJSIP configuration by setting `nameserver count` to zero, or use an external resolver implementation.

**Name of the Vulnerable Software and Affected Versions** PJSIP (affected versions not specified) **Description** The issue affects applications that have SRTP capability (`PJMEDIA HAS SRTP` is set) and use underlying media transport other than UDP. A higher level transport is not synchronized with its lower level transport, which may introduce a use-after-free issue. The impact of this issue may range from unexpected application termination to control flow hijack/memory corruption. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** PJSIP (affected versions not specified) **Description** The issue is related to a possible buffer overread when parsing a certain STUN message. This affects applications that use STUN, including PJNATH and PJSUA-LIB. The problem is similar to another known issue, GHSA-9pfh-r8x4-w26w. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** PJSIP versions prior to 2.13 **Description** The issue is related to a buffer overflow vulnerability in the PJSIP parser, PJMEDIA RTP decoder, and PJMEDIA SDP parser. This vulnerability can be exploited by a remote attacker to execute arbitrary code when users connect to untrusted clients. **Recommendations** For versions prior to 2.13, upgrade to version 2.13 or later to resolve the issue. As a temporary workaround, consider restricting connections to trusted clients until the upgrade is applied.

**Name of the Vulnerable Software and Affected Versions** PJSIP versions prior to 2.13 **Description** The issue is related to the incorrect switching from SRTP media transport to basic RTP upon SRTP restart when processing certain packets, causing media to be sent insecurely. This impacts all PJSIP users that use SRTP. The vulnerability may allow a remote attacker to gain unauthorized access to protected information. **Recommendations** For versions prior to 2.13, users are advised to manually patch using commit d2acb9a from the master branch or upgrade to version 2.13 to resolve the issue. As a temporary workaround, consider disabling SRTP restart until a patch is available. Restrict access to sensitive information to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** PJSIP versions 2.12 and prior **Description** The issue is related to a stack buffer overflow vulnerability in the PJSIP multimedia communication library, specifically affecting users of PJSUA2 or those who call the API endpoints `pjmedia sdp print()` and `pjmedia sdp media print()`. This vulnerability can be exploited by a remote attacker to execute arbitrary code or cause a denial of service. Applications not using PJSUA2 and not directly calling `pjmedia sdp print()` or `pjmedia sdp media print()` are not affected. **Recommendations** For PJSIP versions 2.12 and prior, a patch is available on the `master` branch of the `pjsip/pjproject` GitHub repository. As a temporary workaround, consider disabling the `pjmedia sdp print()` and `pjmedia sdp media print()` functions until a patch is applied. Restrict access to the PJSUA2 API to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** PJSIP versions 2.11.1 and prior **Description** The issue is related to a buffer overflow in memory when handling RTP/RTCP packets, which can be exploited by a remote attacker to cause a denial of service. PJSIP is a free and open source multimedia communication library that implements standard based protocols such as SIP, SDP, RTP, STUN, TURN, and ICE. The problem affects all users that use PJMEDIA and accept incoming RTP/RTCP packets. **Recommendations** For PJSIP versions 2.11.1 and prior, update to a version that includes the patch available as a commit in the `master` branch to resolve the issue. As a temporary workaround, consider restricting the acceptance of incoming RTP/RTCP packets until the patch is applied.

**Name of the Vulnerable Software and Affected Versions** PJSIP versions up to and including 2.11.1 **Description** The issue is related to synchronization errors when using shared resources in the PJSIP library. When an error or failure occurs in various parts of PJSIP, the function returns without releasing the currently held locks, potentially resulting in a system deadlock and causing a denial of service for users. **Recommendations** For versions up to and including 2.11.1, users may need to manually apply the patch, as no release has yet been made that contains the linked fix commit. As a temporary workaround, consider restricting access to shared resources to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** PJSIP versions prior to 2.11.1 **Description** The issue is related to the SSL socket in PJSIP, a free and open source multimedia communication library. It involves a race condition between callback and destroy due to the accepted socket having no group lock, and the SSL socket parent/listener may get destroyed during handshake. These issues occur intermittently in heavy load TLS connections and cause a crash, resulting in a denial of service. **Recommendations** For versions prior to 2.11.1, update to version 2.11.1 to resolve the issue. As a temporary workaround, consider restricting the use of heavy load TLS connections to minimize the risk of exploitation.

**Name of the Vulnerable Software and Affected Versions** PJSIP versions 2.10 and earlier **Description** PJSIP is a free and open source multimedia communication library written in C language implementing standard based protocols such as SIP, SDP, RTP, STUN, TURN, and ICE. In PJSIP, after an initial INVITE has been sent, when two 183 responses are received, with the first one causing negotiation failure, a crash will occur. This results in a denial of service. **Recommendations** For PJSIP versions 2.10 and earlier, update to a version later than 2.10 to resolve the issue. At the moment, there is no information about a newer version that contains a fix for this vulnerability.