PT-2021-6170 · Pjsip+3

High · sauwming · Published 2020-07-06 · Updated 2026-03-24 · CVE-2021-37706

CVSS v3.1: 9.8 Critical

Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions

PJSIP (affected versions not specified)

Description

The issue is related to an integer underflow scenario when processing a STUN message with an ERROR-CODE attribute. This can be exploited by a malicious actor located within the victim's network, who may forge and send a specially crafted UDP (STUN) message to remotely execute arbitrary code on the victim's machine. The problem affects all users that use STUN.

Recommendations

At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Weakness Enumeration

Integer Underflow

Related Identifiers

ALT-PU-2020-2313
ALT-PU-2024-15954
ALT-PU-2024-16030
BDU:2022-01086
CVE-2021-37706
DLA-2962-1
DLA-3194-1
DLA-3549-1
DLA-3887-1
DSA-5285-1
GHSA-2QPG-F6WF-W984
USN-6422-1
USN-6422-2
USN-8122-1

Affected Products

Alt Linux
Linuxmint
Pjsip
Ubuntu