漏洞信息
尽管我们使用了先进的大模型技术,但其输出仍可能包含不准确或过时的信息。神龙努力确保数据的准确性,但请您根据实际情况进行核实和判断。
Vulnerability Title
PJSIP: Stack buffer overflow in pjsip_auth_create_digest2()
Vulnerability Description
PJSIP is a free and open source multimedia communication library written in C. In 2.16 and earlier, a stack buffer overflow exists in pjsip_auth_create_digest2() in PJSIP when using pre-computed digest credentials (PJSIP_CRED_DATA_DIGEST). The function copies credential data using cred_info->data.slen as the length without an upper-bound check, which can overflow the fixed-size ha1 stack buffer (128 bytes) if data.slen exceeds the expected digest string length.
CVSS Information
N/A
Vulnerability Type
栈缓冲区溢出
Vulnerability Title
PJSIP 安全漏洞
Vulnerability Description
PJSIP是pjsip开源的一个免费和开源的多媒体通信库,用C语言编写,实现基于标准的协议,如SIP, SDP, RTP, STUN, TURN,和ICE。 PJSIP 2.16及之前版本存在安全漏洞,该漏洞源于pjsip_auth_create_digest2函数在使用预计算摘要凭据时,复制凭据数据未进行上限检查,可能导致栈缓冲区溢出。
CVSS Information
N/A
Vulnerability Type
N/A