vulnerability

Ubuntu: (Multiple Advisories) (CVE-2021-37706): Ring vulnerabilities

Try Surface Command

Back to search

Severity	CVSS	Published	Added	Modified
9	(AV:N/AC:M/Au:N/C:C/I:C/A:C)	Dec 22, 2021	Oct 10, 2023	Nov 15, 2024

Severity

CVSS

(AV:N/AC:M/Au:N/C:C/I:C/A:C)

Published

Dec 22, 2021

Added

Oct 10, 2023

Modified

Nov 15, 2024

Description

PJSIP is a free and open source multimedia communication library written in C language implementing standard based protocols such as SIP, SDP, RTP, STUN, TURN, and ICE. In affected versions if the incoming STUN message contains an ERROR-CODE attribute, the header length is not checked before performing a subtraction operation, potentially resulting in an integer underflow scenario. This issue affects all users that use STUN. A malicious actor located within the victim’s network may forge and send a specially crafted UDP (STUN) message that could remotely execute arbitrary code on the victim’s machine. Users are advised to upgrade as soon as possible. There are no known workarounds.

Solution(s)

ubuntu-pro-upgrade-jamiubuntu-pro-upgrade-jami-daemonubuntu-pro-upgrade-ringubuntu-pro-upgrade-ring-daemon

References

NEW

Explore Exposure Command

Confidently identify and prioritize exposures from endpoint to cloud with full attack surface visibility and threat-aware risk context.

Try it today