PJSIP has use-after-free vulnerability in SRTP media transport

PJSIP is a free and open source multimedia communication library written in C with high level API in C, C++, Java, C#, and Python languages. SRTP is a higher level media transport which is stacked upon a lower level media transport such as UDP and ICE. Currently a higher level transport is not synchronized with its lower level transport that may introduce use-after-free issue. This vulnerability affects applications that have SRTP capability (`PJMEDIA_HAS_SRTP` is set) and use underlying media transport other than UDP. This vulnerability’s impact may range from unexpected application termination to control flow hijack/memory corruption. The patch is available as a commit in the master branch.

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

释放后使用

PJSIP 资源管理错误漏洞

PJSIP是一个免费和开源的多媒体通信库，用C语言编写，实现基于标准的协议，如SIP, SDP, RTP, STUN, TURN，和ICE。 PJSIP 2.14之前版本存在资源管理错误漏洞，该漏洞源于较高级别的传输与其较低级别的传输不同步，这可能会引入释放后重用问题。

N/A

N/A