If an incoming SIP message contains a malformed multipart, parsing it in pjsip_multipart_parse()
can potentially cause an out-of-bounds read.
Impact
It affects all PJSIP users that accept SIP multipart.
Patches
The patch is available as commit 077b465 in the master branch.
Other considerations
We also considered modifying the SIP multipart input buffer to create a temporary NULL sentinel within the buffer, but decided not to. The downside of that approach is that it requires exclusive access to the input buffer (which is currently not mentioned in the doc), so any app reading or processing the message at the same time would be affected.
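A length-bounded delimiter scan is one way to avoid both the out-of-bounds read and the sentinel write discussed above. The following is an added example, not PJSIP's code and not the fix in commit 077b465; `find_bounded` and `count_parts` are hypothetical names, the delimiter handling is simplified, and the sample body is constructed.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>
/* Length-bounded search: never reads at or past buf + len, and takes the
 * buffer as const, so no temporary sentinel has to be written into it. */
static const char *find_bounded(const char *buf, size_t len,
                                const char *pat, size_t plen)
{
    if (plen == 0 || len < plen)
        return NULL;
    for (size_t i = 0; i + plen <= len; i++)
        if (buf[i] == pat[0] && memcmp(buf + i, pat, plen) == 0)
            return buf + i;
    return NULL;
}

/* Count body parts delimited by "--" + boundary. Returns -1 when the body is
 * malformed: no delimiter, or no closing "--boundary--" inside the buffer. */
static int count_parts(const char *body, size_t len, const char *boundary)
{
    char delim[72];
    size_t blen = strlen(boundary);
    if (blen == 0 || blen > sizeof(delim) - 2)
        return -1;
    memcpy(delim, "--", 2);
    memcpy(delim + 2, boundary, blen);
    size_t dlen = blen + 2;
    const char *end = body + len;
    const char *p = find_bounded(body, len, delim, dlen);
    int parts = 0;
    while (p != NULL) {
        p += dlen;                 /* still <= end: the match fit in the buffer */
        if ((size_t)(end - p) >= 2 && p[0] == '-' && p[1] == '-')
            return parts;          /* closing delimiter */
        p = find_bounded(p, (size_t)(end - p), delim, dlen);
        if (p != NULL)
            parts++;
    }
    return -1;                     /* input ended before the closing delimiter */
}

int main(void)
{
    /* Constructed sample body; not taken from the advisory. */
    static const char body[] = "--b\r\nA\r\n--b\r\nB\r\n--b--\r\n";
    printf("complete: %d\n", count_parts(body, sizeof(body) - 1, "b"));
    printf("truncated: %d\n", count_parts(body, 8, "b"));
    return 0;
}
```

In the truncated call the closing delimiter still sits in memory after the stated length, so a search that relies on a terminator would find it, while the bounded scan reports the body as malformed.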
For more information
If you have any questions or comments about this advisory:
Email us at security@pjsip.org