Potential buffer overflow in pjsip_auth_create_digest()

Low
sauwming published GHSA-73f7-48m9-w662 Mar 11, 2022

Package

No package listed

Affected versions

2.12 or lower

Patched versions

2.12.1 or later

Description

Impact

This is a stack buffer overflow vulnerability. It only impacts PJSIP users who accept hashed digest credentials (credentials with data_type PJSIP_CRED_DATA_DIGEST).

Patches

The patch is available as commit d27f79d in the master branch.

Workarounds

Before passing hashed digest data to PJSIP, users need to check that its length is equal to PJSIP_MD5STRLEN.
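One way to apply this workaround in application code before a credential reaches PJSIP, as an added example that is not PJSIP's code or the patch. The struct, enum values, function name and sample credentials are hypothetical stand-ins, and PJSIP_MD5STRLEN is defined locally as 32 (an MD5 digest in hex) so the block builds without the PJSIP headers; the hex-character check is extra strictness beyond what the advisory asks for.

```c
#include <ctype.h>
#include <stddef.h>
#include <stdio.h>

/* Stand-ins so the example builds without the PJSIP headers (assumptions). */
#ifndef PJSIP_MD5STRLEN
#define PJSIP_MD5STRLEN 32                 /* hex characters in an MD5 digest */
#endif
enum { DEMO_CRED_PLAIN = 0, DEMO_CRED_DIGEST = 1 };   /* hypothetical values */

/* Hypothetical application-side view of a credential loaded from config or a DB. */
struct demo_cred {
    int         data_type;   /* DEMO_CRED_PLAIN or DEMO_CRED_DIGEST */
    const char *data;        /* not required to be NUL-terminated */
    long        data_len;    /* length as stored; treat as untrusted */
};

/* Returns 1 if the credential may be handed to the SIP stack, 0 otherwise. */
int demo_cred_is_acceptable(const struct demo_cred *c)
{
    long i;

    if (c == NULL)
        return 0;
    if (c->data_type != DEMO_CRED_DIGEST)
        return 1;            /* the advisory's length rule covers digest data only */
    if (c->data == NULL || c->data_len != PJSIP_MD5STRLEN)
        return 0;            /* the workaround: exact length, not an upper bound */
    for (i = 0; i < c->data_len; i++)      /* extra strictness (added here) */
        if (!isxdigit((unsigned char)c->data[i]))
            return 0;
    return 1;
}

/* Constructed sample credentials; lengths are taken from the literals. */
#define CRED(type, s) { (type), (s), (long)(sizeof(s) - 1) }
const struct demo_cred sample_ok     = CRED(DEMO_CRED_DIGEST, "5f4dcc3b5aa765d61d8327deb882cf99");
const struct demo_cred sample_long   = CRED(DEMO_CRED_DIGEST, "5f4dcc3b5aa765d61d8327deb882cf99AAAAAAAA");
const struct demo_cred sample_short  = CRED(DEMO_CRED_DIGEST, "5f4dcc3b");
const struct demo_cred sample_nonhex = CRED(DEMO_CRED_DIGEST, "5f4dcc3b5aa765d61d8327deb882cfzz");
const struct demo_cred sample_plain  = CRED(DEMO_CRED_PLAIN,  "a-plain-text-password-of-any-length");

int main(void)
{
    printf("ok=%d long=%d short=%d nonhex=%d plain=%d\n",
           demo_cred_is_acceptable(&sample_ok), demo_cred_is_acceptable(&sample_long),
           demo_cred_is_acceptable(&sample_short), demo_cred_is_acceptable(&sample_nonhex),
           demo_cred_is_acceptable(&sample_plain));
    return 0;
}
```

Rejecting the credential at load time, rather than truncating it, keeps a malformed digest from ever being stored in the account configuration.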

For more information

If you have any questions or comments about this advisory:
Email us at security@pjsip.org

Severity

Low

CVE ID

CVE-2022-24754

Weaknesses

No CWEs

Credits