The following vulnerabilities were published for ring. CVE-2021-32686[0]: | PJSIP is a free and open source multimedia communication library | written in C language implementing standard based protocols such as | SIP, SDP, RTP, STUN, TURN, and ICE. In PJSIP before version 2.11.1, | there are a couple of issues found in the SSL socket. First, a race | condition between callback and destroy, due to the accepted socket | having no group lock. Second, the SSL socket parent/listener may get | destroyed during handshake. Both issues were reported to happen | intermittently in heavy load TLS connections. They cause a crash, | resulting in a denial of service. These are fixed in version 2.11.1. https://downloads.asterisk.org/pub/security/AST-2021-009.html https://github.com/pjsip/pjproject/security/advisories/GHSA-cv8x-p47p-99wr https://github.com/pjsip/pjproject/commit/d5f95aa066f878b0aef6a64e60b61e8626e664cd https://github.com/pjsip/pjproject/pull/2716 CVE-2021-37706[1]: | PJSIP is a free and open source multimedia communication library | written in C language implementing standard based protocols such as | SIP, SDP, RTP, STUN, TURN, and ICE. In affected versions if the | incoming STUN message contains an ERROR-CODE attribute, the header | length is not checked before performing a subtraction operation, | potentially resulting in an integer underflow scenario. This issue | affects all users that use STUN. A malicious actor located within the | victim’s network may forge and send a specially crafted UDP | (STUN) message that could remotely execute arbitrary code on the | victim’s machine. Users are advised to upgrade as soon as | possible. There are no known workarounds. https://issues.asterisk.org/jira/browse/ASTERISK-29945 https://downloads.asterisk.org/pub/security/AST-2022-004.html https://github.com/pjsip/pjproject/security/advisories/GHSA-2qpg-f6wf-w984 https://github.com/pjsip/pjproject/commit/15663e3f37091069b8c98a7fce680dc04bc8e865 CVE-2022-21723[2]: | PJSIP is a free and open source multimedia communication library | written in C language implementing standard based protocols such as | SIP, SDP, RTP, STUN, TURN, and ICE. In versions 2.11.1 and prior, | parsing an incoming SIP message that contains a malformed multipart | can potentially cause out-of-bound read access. This issue affects all | PJSIP users that accept SIP multipart. The patch is available as | commit in the `master` branch. There are no known workarounds. https://issues.asterisk.org/jira/browse/ASTERISK-29945 https://downloads.asterisk.org/pub/security/AST-2022-006.html https://github.com/pjsip/pjproject/security/advisories/GHSA-7fw8-54cv-r7pm https://github.com/pjsip/pjproject/commit/077b465c33f0aec05a49cd2ca456f9a1b112e896 CVE-2022-23608[3]: | PJSIP is a free and open source multimedia communication library | written in C language implementing standard based protocols such as | SIP, SDP, RTP, STUN, TURN, and ICE. In versions up to and including | 2.11.1 when in a dialog set (or forking) scenario, a hash key shared | by multiple UAC dialogs can potentially be prematurely freed when one | of the dialogs is destroyed . The issue may cause a dialog set to be | registered in the hash table multiple times (with different hash keys) | leading to undefined behavior such as dialog list collision which | eventually leading to endless loop. A patch is available in commit | db3235953baa56d2fb0e276ca510fefca751643f which will be included in the | next release. There are no known workarounds for this issue. https://issues.asterisk.org/jira/browse/ASTERISK-29945 https://downloads.asterisk.org/pub/security/AST-2022-005.html https://github.com/pjsip/pjproject/security/advisories/GHSA-ffff-m5fm-qm62 https://github.com/pjsip/pjproject/commit/db3235953baa56d2fb0e276ca510fefca751643f CVE-2021-43299[4]: | Stack overflow in PJSUA API when calling pjsua_player_create. An | attacker-controlled 'filename' argument may cause a buffer overflow | since it is copied to a fixed-size stack buffer without any size | validation. https://github.com/pjsip/pjproject/security/advisories/GHSA-qcvw-h34v-c7r9 https://github.com/pjsip/pjproject/commit/d979253c924a686fa511d705be1f3ad0c5b20337 CVE-2021-43300[5]: | Stack overflow in PJSUA API when calling pjsua_recorder_create. An | attacker-controlled 'filename' argument may cause a buffer overflow | since it is copied to a fixed-size stack buffer without any size | validation. https://github.com/pjsip/pjproject/security/advisories/GHSA-qcvw-h34v-c7r9 https://github.com/pjsip/pjproject/commit/d979253c924a686fa511d705be1f3ad0c5b20337 CVE-2021-43301[6]: | Stack overflow in PJSUA API when calling pjsua_playlist_create. An | attacker-controlled 'file_names' argument may cause a buffer overflow | since it is copied to a fixed-size stack buffer without any size | validation. https://github.com/pjsip/pjproject/security/advisories/GHSA-qcvw-h34v-c7r9 https://github.com/pjsip/pjproject/commit/d979253c924a686fa511d705be1f3ad0c5b20337 CVE-2021-43302[7]: | Read out-of-bounds in PJSUA API when calling pjsua_recorder_create. An | attacker-controlled 'filename' argument may cause an out-of-bounds | read when the filename is shorter than 4 characters. https://github.com/pjsip/pjproject/security/advisories/GHSA-qcvw-h34v-c7r9 https://github.com/pjsip/pjproject/commit/d979253c924a686fa511d705be1f3ad0c5b20337 CVE-2021-43303[8]: | Buffer overflow in PJSUA API when calling pjsua_call_dump. An | attacker-controlled 'buffer' argument may cause a buffer overflow, | since supplying an output buffer smaller than 128 characters may | overflow the output buffer, regardless of the 'maxlen' argument | supplied https://github.com/pjsip/pjproject/security/advisories/GHSA-qcvw-h34v-c7r9 https://github.com/pjsip/pjproject/commit/d979253c924a686fa511d705be1f3ad0c5b20337 CVE-2021-43804[9]: | PJSIP is a free and open source multimedia communication library | written in C language implementing standard based protocols such as | SIP, SDP, RTP, STUN, TURN, and ICE. In affected versions if the | incoming RTCP BYE message contains a reason's length, this declared | length is not checked against the actual received packet size, | potentially resulting in an out-of-bound read access. This issue | affects all users that use PJMEDIA and RTCP. A malicious actor can | send a RTCP BYE message with an invalid reason length. Users are | advised to upgrade as soon as possible. There are no known | workarounds. https://github.com/pjsip/pjproject/security/advisories/GHSA-3qx3-cg72-wrh9 https://github.com/pjsip/pjproject/commit/8b621f192cae14456ee0b0ade52ce6c6f258af1e CVE-2021-43845[10]: | PJSIP is a free and open source multimedia communication library. In | version 2.11.1 and prior, if incoming RTCP XR message contain block, | the data field is not checked against the received packet size, | potentially resulting in an out-of-bound read access. This affects all | users that use PJMEDIA and RTCP XR. A malicious actor can send a RTCP | XR message with an invalid packet size. https://github.com/pjsip/pjproject/security/advisories/GHSA-r374-qrwv-86hh https://github.com/pjsip/pjproject/commit/f74c1fc22b760d2a24369aa72c74c4a9ab985859 https://github.com/pjsip/pjproject/pull/2924 CVE-2022-21722[11]: | PJSIP is a free and open source multimedia communication library | written in C language implementing standard based protocols such as | SIP, SDP, RTP, STUN, TURN, and ICE. In version 2.11.1 and prior, there | are various cases where it is possible that certain incoming RTP/RTCP | packets can potentially cause out-of-bound read access. This issue | affects all users that use PJMEDIA and accept incoming RTP/RTCP. A | patch is available as a commit in the `master` branch. There are no | known workarounds. https://github.com/pjsip/pjproject/security/advisories/GHSA-m66q-q64c-hv36 https://github.com/pjsip/pjproject/commit/22af44e68a0c7d190ac1e25075e1382f77e9397a CVE-2022-24754[12]: | PJSIP is a free and open source multimedia communication library | written in C language. In versions prior to and including 2.12 PJSIP | there is a stack-buffer overflow vulnerability which only impacts | PJSIP users who accept hashed digest credentials (credentials with | data_type `PJSIP_CRED_DATA_DIGEST`). This issue has been patched in | the master branch of the PJSIP repository and will be included with | the next release. Users unable to upgrade need to check that the | hashed digest data length must be equal to `PJSIP_MD5STRLEN` before | passing to PJSIP. https://github.com/pjsip/pjproject/security/advisories/GHSA-73f7-48m9-w662 https://github.com/pjsip/pjproject/commit/d27f79da11df7bc8bb56c2f291d71e54df8d2c47 CVE-2022-24763[13]: | PJSIP is a free and open source multimedia communication library | written in the C language. Versions 2.12 and prior contain a denial- | of-service vulnerability that affects PJSIP users that consume PJSIP's | XML parsing in their apps. Users are advised to update. There are no | known workarounds. https://github.com/pjsip/pjproject/security/advisories/GHSA-5x45-qp78-g4p4 https://github.com/pjsip/pjproject/commit/856f87c2e97a27b256482dbe0d748b1194355a21 CVE-2022-24764[14]: | PJSIP is a free and open source multimedia communication library | written in C. Versions 2.12 and prior contain a stack buffer overflow | vulnerability that affects PJSUA2 users or users that call the API | `pjmedia_sdp_print(), pjmedia_sdp_media_print()`. Applications that do | not use PJSUA2 and do not directly call `pjmedia_sdp_print()` or | `pjmedia_sdp_media_print()` should not be affected. A patch is | available on the `master` branch of the `pjsip/pjproject` GitHub | repository. There are currently no known workarounds. https://github.com/pjsip/pjproject/security/advisories/GHSA-f5qg-pqcg-765m https://github.com/pjsip/pjproject/commit/560a1346f87aabe126509bb24930106dea292b00 CVE-2022-24793[15]: | PJSIP is a free and open source multimedia communication library | written in C. A buffer overflow vulnerability in versions 2.12 and | prior affects applications that uses PJSIP DNS resolution. It doesn't | affect PJSIP users who utilize an external resolver. A patch is | available in the `master` branch of the `pjsip/pjproject` GitHub | repository. A workaround is to disable DNS resolution in PJSIP config | (by setting `nameserver_count` to zero) or use an external resolver | instead. https://github.com/pjsip/pjproject/security/advisories/GHSA-p6g5-v97c-w5q4 https://github.com/pjsip/pjproject/commit/9fae8f43accef8ea65d4a8ae9cdf297c46cfe29a
Created asterisk tracking bugs for this issue: Affects: epel-all [bug 2173707] Affects: fedora-all [bug 2173706] Created pjproject tracking bugs for this issue: Affects: epel-all [bug 2173709] Affects: fedora-all [bug 2173708]
This CVE Bugzilla entry is for community support informational purposes only as it does not affect a package in a commercially supported Red Hat product. Refer to the dependent bugs for status of those individual community products.
The CVE identifiers referenced in the subject and alias fields are not valid identifiers. CVE-2021-438450, CVE-2021-438451, CVE-2022-217221, CVE-2022-247541, CVE-2022-247542, CVE-2022-247631, CVE-2022-247633, CVE-2022-247641, CVE-2022-247644, CVE-2022-247931, CVE-2022-247935 The CVE identifiers referenced in comment 0 all have existing separate bugs. bug 1986481: CVE-2021-32686 bug 2035052: CVE-2021-37706 bug 2035065: CVE-2021-43804 bug 2050382: CVE-2022-21722 bug 2050387: CVE-2022-21723 bug 2055514: CVE-2021-43303 bug 2055518: CVE-2021-43299 bug 2055521: CVE-2021-43300 bug 2055524: CVE-2021-43301 bug 2055527: CVE-2021-43302 bug 2057191: CVE-2022-23608 bug 2067032: CVE-2022-24764 bug 2173699: CVE-2021-43845, CVE-2022-24754, CVE-2022-24763, CVE-2022-24793
*** Bug 2173708 has been marked as a duplicate of this bug. ***
*** Bug 2173709 has been marked as a duplicate of this bug. ***