
Potential stack buffer overflow when parsing message as a STUN client

Critical
sauwming published GHSA-26j7-ww69-c4qj Jun 7, 2022

Package

No package listed

Affected versions

2.12.1 or lower

Patched versions

2.13 or later

Description

Impact

This is a stack buffer overflow vulnerability that affects PJSIP users who use STUN in their applications, either by:

  • setting a STUN server in their account/media config at the PJSUA/PJSUA2 level, or
  • directly using the pjlib-util/stun_simple API.

Patches

The patch is available as commit 450baca in the master branch.

For more information

If you have any questions or comments about this advisory:
Email us at [email protected]

Severity

Critical

CVE ID

CVE-2022-31031

Weaknesses

Stack-based Buffer Overflow

A stack-based buffer overflow condition is a condition where the buffer being overwritten is allocated on the stack (i.e., is a local variable or, rarely, a parameter to a function).
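As an added illustration of this weakness class (not PJSIP's code and not a reproduction of the patched flaw): a STUN client parser that records attributes in a fixed-size table held in a local variable has to bound both the attribute count and every declared length before it writes. The names `stun_parse` and `demo_parse` and the 16-entry limit are assumptions made for this example; the 20-byte header and the type/length/value attribute layout follow RFC 5389.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

#define STUN_HDR_LEN   20
#define STUN_MAX_ATTRS 16          /* assumed capacity of the fixed-size table */
struct stun_attr { uint16_t type, len; const uint8_t *val; };
struct stun_msg  { uint16_t type; size_t n_attrs; struct stun_attr attrs[STUN_MAX_ATTRS]; };
static uint16_t rd16(const uint8_t *p) { return (uint16_t)((p[0] << 8) | p[1]); }

/* Returns 0 on success, -1 for a malformed message or one with too many attributes. */
int stun_parse(const uint8_t *buf, size_t len, struct stun_msg *out)
{
    if (len < STUN_HDR_LEN) return -1;
    size_t body = rd16(buf + 2);
    if (body != len - STUN_HDR_LEN || (body & 3)) return -1;  /* header length must match datagram */
    out->type = rd16(buf); out->n_attrs = 0;
    const uint8_t *p = buf + STUN_HDR_LEN, *end = p + body;
    while (p < end) {                        /* body is a multiple of 4, so >= 4 bytes remain */
        size_t alen = rd16(p + 2);
        size_t padded = (alen + 3) & ~(size_t)3;
        if (padded > (size_t)(end - p) - 4) return -1;        /* value runs past the message */
        if (out->n_attrs == STUN_MAX_ATTRS) return -1;        /* table full: reject, never write past it */
        struct stun_attr *a = &out->attrs[out->n_attrs++];
        a->type = rd16(p); a->len = (uint16_t)alen; a->val = p + 4;
        p += 4 + padded;
    }
    return 0;
}

/* Constructed sample: a Binding Response (0x0101) with n zero-length attributes; last_len
 * overwrites the final attribute's length field. Returns attributes parsed, or -1. */
int demo_parse(unsigned n, uint16_t last_len)
{
    uint8_t buf[STUN_HDR_LEN + 4 * 64] = {0};
    struct stun_msg m;                       /* the fixed-size table lives on this stack frame */
    size_t body = 4 * (size_t)n;
    if (n == 0 || n > 64) return -1;
    buf[0] = 0x01; buf[1] = 0x01;                                /* message type */
    buf[2] = (uint8_t)(body >> 8); buf[3] = (uint8_t)body;      /* body length */
    uint8_t *last = buf + STUN_HDR_LEN + body - 4;
    last[2] = (uint8_t)(last_len >> 8); last[3] = (uint8_t)last_len;
    return stun_parse(buf, STUN_HDR_LEN + body, &m) == 0 ? (int)m.n_attrs : -1;
}

int main(void)
{
    printf("%d %d %d\n", demo_parse(16, 0), demo_parse(17, 0), demo_parse(3, 8));
    return 0;
}
```

Without the `n_attrs == STUN_MAX_ATTRS` check, the seventeenth attribute of a server response would be written past the end of `attrs` in the caller's stack frame.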

Credits