SRTP is a higher-level media transport that is stacked on a lower-level media transport such as UDP and ICE. Currently, a higher-level transport is not synchronized with its lower-level transport, which may introduce a use-after-free issue.
Impact
This vulnerability affects applications that have SRTP capability (PJMEDIA_HAS_SRTP is set) and use an underlying media transport other than UDP. Its impact may range from unexpected application termination to control flow hijack/memory corruption.
Patches
The patch is available as commit 6dc9b8c in the master branch.
For more information
If you have any questions or comments about this advisory:
Email us at security@pjsip.org