漏洞信息
尽管我们使用了先进的大模型技术,但其输出仍可能包含不准确或过时的信息。神龙努力确保数据的准确性,但请您根据实际情况进行核实和判断。
Vulnerability Title
Use after free in PJSIP
Vulnerability Description
PJSIP is a free and open source multimedia communication library written in C language implementing standard based protocols such as SIP, SDP, RTP, STUN, TURN, and ICE. In versions up to and including 2.11.1 when in a dialog set (or forking) scenario, a hash key shared by multiple UAC dialogs can potentially be prematurely freed when one of the dialogs is destroyed . The issue may cause a dialog set to be registered in the hash table multiple times (with different hash keys) leading to undefined behavior such as dialog list collision which eventually leading to endless loop. A patch is available in commit db3235953baa56d2fb0e276ca510fefca751643f which will be included in the next release. There are no known workarounds for this issue.
CVSS Information
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
Vulnerability Type
释放后使用
Vulnerability Title
PJSIP 资源管理错误漏洞
Vulnerability Description
PJSIP是一个免费和开源的多媒体通信库,用C语言编写,实现基于标准的协议,如SIP, SDP, RTP, STUN, TURN,和ICE。 PJSIP 存在资源管理错误漏洞,该漏洞源于在2.11.1之前的版本中,在对话框集(或分叉)场景中,多个UAC对话框共享的哈希键可能会在其中一个对话框被销毁时提前释放。攻击者可利用该漏洞导致一个对话框集在哈希表中注册多次(使用不同的哈希键),从而导致未定义的行为,如对话列表冲突,最终导致无尽的循环。
CVSS Information
N/A
Vulnerability Type
N/A