If an incoming RTCP BYE message contains a reason length, the declared length is not checked against the actual size of the received packet, potentially resulting in an out-of-bounds read.
Impact
It affects all users that use PJMEDIA and RTCP. A malicious actor can send an RTCP BYE message with an invalid reason length.
Patches
The patch is available as commit 8b621f1 in the master branch.
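
The kind of bounds check involved, shown as an added example; it is not PJSIP's code or the content of commit 8b621f1. The function `rtcp_bye_reason` and the sample packet are assumptions made for illustration, following the BYE layout in RFC 3550 section 6.6.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>

#define RTCP_PT_BYE 203

/* Hypothetical helper, not a PJMEDIA API: copies the optional reason text of
 * an RTCP BYE packet (RFC 3550, section 6.6) into out as a C string.
 * Returns the reason length (0 if absent) or -1 if the packet is malformed. */
int rtcp_bye_reason(const uint8_t *pkt, size_t size, char *out, size_t out_cap)
{
    if (size < 4 || out_cap == 0)
        return -1;
    if ((pkt[0] >> 6) != 2 || pkt[1] != RTCP_PT_BYE)
        return -1;

    /* Header length field: 32-bit words minus one. It must not claim more
     * bytes than were actually received. */
    size_t declared = ((size_t)((pkt[2] << 8) | pkt[3]) + 1) * 4;
    if (declared > size)
        return -1;

    /* Skip the SSRC/CSRC list: SC entries of 4 bytes each. */
    size_t off = 4 + (size_t)(pkt[0] & 0x1F) * 4;
    if (off > declared)
        return -1;
    out[0] = '\0';
    if (off == declared)
        return 0;                   /* no reason field present */

    /* One length octet, then the text. The declared reason length must fit
     * in the bytes that remain: the check the advisory says was missing. */
    size_t reason_len = pkt[off++];
    if (reason_len > declared - off)
        return -1;
    if (reason_len >= out_cap)
        reason_len = out_cap - 1;   /* truncate to the caller's buffer */
    memcpy(out, pkt + off, reason_len);
    out[reason_len] = '\0';
    return (int)reason_len;
}

int main(void)
{
    /* Constructed packet: one SSRC, reason length claims 255, 3 bytes follow. */
    const uint8_t bad[] = {0x81,0xCB,0x00,0x02, 0x11,0x22,0x33,0x44, 0xFF,'b','y','e'};
    char reason[64];
    return rtcp_bye_reason(bad, sizeof bad, reason, sizeof reason) == -1 ? 0 : 1;
}
```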
For more information
If you have any questions or comments about this advisory:
Email us at [email protected]