UBUNTU-CVE-2021-43845
- Source
- https://ubuntu.com/security/CVE-2021-43845
- Import Source
- https://github.com/canonical/ubuntu-security-notices/blob/main/osv/cve/2021/UBUNTU-CVE-2021-43845.json
- JSON Data
- https://api.osv.dev/v1/vulns/UBUNTU-CVE-2021-43845
- Related
- Published
- 2021-12-27T18:15:00Z
- Modified
- 2024-10-15T14:08:28Z
- Severity
-
- 9.1 (Critical) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H CVSS Calculator
- Summary
- [none]
- Details
-
PJSIP is a free and open source multimedia communication library. In version 2.11.1 and prior, if incoming RTCP XR message contain block, the data field is not checked against the received packet size, potentially resulting in an out-of-bound read access. This affects all users that use PJMEDIA and RTCP XR. A malicious actor can send a RTCP XR message with an invalid packet size.
- References
-
- https://ubuntu.com/security/CVE-2021-43845
- https://github.com/pjsip/pjproject/security/advisories/GHSA-r374-qrwv-86hh
- https://github.com/pjsip/pjproject/commit/f74c1fc22b760d2a24369aa72c74c4a9ab985859
- https://github.com/pjsip/pjproject/pull/2924
- https://ubuntu.com/security/notices/USN-6422-1
- https://www.cve.org/CVERecord?id=CVE-2021-43845
Affected packages
Ubuntu:Pro:16.04:LTS / asterisk
Package
- Name
- asterisk
- Purl
- pkg:deb/ubuntu/asterisk?arch=src?distro=esm-apps/xenial
Affected ranges
- Type
- ECOSYSTEM
- Events
-
Introduced0Unknown introduced version / All previous versions are affected
Ubuntu:Pro:16.04:LTS / pjproject
Package
- Name
- pjproject
- Purl
- pkg:deb/ubuntu/pjproject?arch=src?distro=esm-apps/xenial
Ubuntu:Pro:18.04:LTS / asterisk
Package
- Name
- asterisk
- Purl
- pkg:deb/ubuntu/asterisk?arch=src?distro=esm-apps/bionic
Affected ranges
- Type
- ECOSYSTEM
- Events
-
Introduced0Unknown introduced version / All previous versions are affected
Ubuntu:Pro:18.04:LTS / pjproject
Package
- Name
- pjproject
- Purl
- pkg:deb/ubuntu/pjproject?arch=src?distro=esm-apps/bionic
Ubuntu:Pro:18.04:LTS / ring
Package
- Name
- ring
- Purl
- pkg:deb/ubuntu/ring?arch=src?distro=esm-apps/bionic
Affected ranges
- Type
- ECOSYSTEM
- Events
-
Introduced0Unknown introduced version / All previous versions are affectedFixed20180228.1.503da2b~ds1-1ubuntu0.1~esm1
Affected versions
20170803.*
20170803.2.5fcfe3f~dfsg1-1
20171024.*
20171024.1.eadbdeb~ds1-1
20171129.*
20171129.2.cf5bbff~ds1-1
20171129.2.cf5bbff~ds1-2
20180119.*
20180119.1.9e06f94~ds1-1
20180119.1.9e06f94~ds1-3
20180222.*
20180222.1.7bffde2~ds2-2
20180228.*
20180228.1.503da2b~ds1-1
20180228.1.503da2b~ds1-1build1
Ecosystem specific
{
"availability": "Available with Ubuntu Pro: https://ubuntu.com/pro",
"ubuntu_priority": "medium",
"binaries": [
{
"binary_version": "20180228.1.503da2b~ds1-1ubuntu0.1~esm1",
"binary_name": "ring"
},
{
"binary_version": "20180228.1.503da2b~ds1-1ubuntu0.1~esm1",
"binary_name": "ring-daemon"
},
{
"binary_version": "20180228.1.503da2b~ds1-1ubuntu0.1~esm1",
"binary_name": "ring-daemon-dbgsym"
},
{
"binary_version": "20180228.1.503da2b~ds1-1ubuntu0.1~esm1",
"binary_name": "ring-dbgsym"
}
]
}
Ubuntu:20.04:LTS / asterisk
Package
- Name
- asterisk
- Purl
- pkg:deb/ubuntu/asterisk?arch=src?distro=focal
Ubuntu:20.04:LTS / ring
Package
- Name
- ring
- Purl
- pkg:deb/ubuntu/ring?arch=src?distro=focal
Affected ranges
- Type
- ECOSYSTEM
- Events
-
Introduced0Unknown introduced version / All previous versions are affectedFixed20190215.1.f152c98~ds1-1+deb10u2build0.20.04.1
Affected versions
20190215.*
20190215.1.f152c98~ds1-1
20190215.1.f152c98~ds1-1build1
20190215.1.f152c98~ds1-1build2
Ecosystem specific
{
"availability": "No subscription required",
"ubuntu_priority": "medium",
"binaries": [
{
"binary_version": "20190215.1.f152c98~ds1-1+deb10u2build0.20.04.1",
"binary_name": "jami"
},
{
"binary_version": "20190215.1.f152c98~ds1-1+deb10u2build0.20.04.1",
"binary_name": "jami-daemon"
},
{
"binary_version": "20190215.1.f152c98~ds1-1+deb10u2build0.20.04.1",
"binary_name": "jami-daemon-dbgsym"
},
{
"binary_version": "20190215.1.f152c98~ds1-1+deb10u2build0.20.04.1",
"binary_name": "jami-dbgsym"
},
{
"binary_version": "20190215.1.f152c98~ds1-1+deb10u2build0.20.04.1",
"binary_name": "ring"
},
{
"binary_version": "20190215.1.f152c98~ds1-1+deb10u2build0.20.04.1",
"binary_name": "ring-daemon"
}
]
}
Ubuntu:22.04:LTS / asterisk
Package
- Name
- asterisk
- Purl
- pkg:deb/ubuntu/asterisk?arch=src?distro=jammy
Affected ranges
- Type
- ECOSYSTEM
- Events
-
Introduced0Unknown introduced version / All previous versions are affected
Ubuntu:24.10 / asterisk
Package
- Name
- asterisk
- Purl
- pkg:deb/ubuntu/asterisk?arch=src?distro=oracular
Ubuntu:24.04:LTS / asterisk
Package
- Name
- asterisk
- Purl
- pkg:deb/ubuntu/asterisk?arch=src?distro=noble
Affected ranges
- Type
- ECOSYSTEM
- Events
-
Introduced0Unknown introduced version / All previous versions are affected
Affected versions
1:20.*
1:20.4.0~dfsg+~cs6.13.40431414-2
1:20.5.0~dfsg+~cs6.13.40431414-1
1:20.5.1~dfsg+~cs6.13.40431414-1
1:20.5.2~dfsg+~cs6.13.40431414-1
1:20.6.0~dfsg+~cs6.13.40431414-1
1:20.6.0~dfsg+~cs6.13.40431414-2
1:20.6.0~dfsg+~cs6.13.40431414-2build3
1:20.6.0~dfsg+~cs6.13.40431414-2build4
1:20.6.0~dfsg+~cs6.13.40431414-2build5