From 9ad73aa14a5743394e8c62ef1d04628e4ba5dd51 Mon Sep 17 00:00:00 2001 From: Neil Williams Date: Fri, 18 Feb 2022 11:23:52 +0000 Subject: Checked multiple CVEs in pjproject against asterisk and ring More updates to follow --- data/CVE/2021.list | 41 ++++++++++++++++++++++++++++++++--------- 1 file changed, 32 insertions(+), 9 deletions(-) (limited to 'data/CVE/2021.list') diff --git a/data/CVE/2021.list b/data/CVE/2021.list index 78ec0438e7..9b45ef4a59 100644 --- a/data/CVE/2021.list +++ b/data/CVE/2021.list @@ -7594,11 +7594,12 @@ CVE-2021-43847 (HumHub is an open-source social network kit written in PHP. Prio CVE-2021-43846 (`solidus_frontend` is the cart and storefront for the Solidus e-commer ...) NOT-FOR-US: solidus_frontend CVE-2021-43845 (PJSIP is a free and open source multimedia communication library. In v ...) + - asterisk - pjproject + - ring NOTE: https://github.com/pjsip/pjproject/security/advisories/GHSA-r374-qrwv-86hh NOTE: https://github.com/pjsip/pjproject/commit/f74c1fc22b760d2a24369aa72c74c4a9ab985859 NOTE: https://github.com/pjsip/pjproject/pull/2924 - TODO: check, might affect in impact src:ring CVE-2021-43844 (MSEdgeRedirect is a tool to redirect news, search, widgets, weather, a ...) NOT-FOR-US: MSEdgeRedirect CVE-2021-43843 (jsx-slack is a package for building JSON objects for Slack block kit s ...) @@ -7695,10 +7696,11 @@ CVE-2021-43806 (Tuleap is a Libre and Open Source tool for end to end traceabili CVE-2021-43805 (Solidus is a free, open-source ecommerce platform built on Rails. Vers ...) NOT-FOR-US: Solidus CVE-2021-43804 (PJSIP is a free and open source multimedia communication library writt ...) + - asterisk - pjproject + - ring NOTE: https://github.com/pjsip/pjproject/security/advisories/GHSA-3qx3-cg72-wrh9 NOTE: https://github.com/pjsip/pjproject/commit/8b621f192cae14456ee0b0ade52ce6c6f258af1e - TODO: check, might affect in impact src:ring CVE-2021-43803 (Next.js is a React framework. In versions of Next.js prior to 12.0.5 o ...) NOT-FOR-US: next.js CVE-2021-43802 (Etherpad is a real-time collaborative editor. In versions prior to 1.8 ...) @@ -9026,15 +9028,35 @@ CVE-2021-43305 CVE-2021-43304 RESERVED CVE-2021-43303 (Buffer overflow in PJSUA API when calling pjsua_call_dump. An attacker ...) - TODO: check + - asterisk + - pjproject + - ring + NOTE: https://github.com/pjsip/pjproject/security/advisories/GHSA-qcvw-h34v-c7r9 + NOTE: https://github.com/pjsip/pjproject/commit/d979253c924a686fa511d705be1f3ad0c5b20337 CVE-2021-43302 (Read out-of-bounds in PJSUA API when calling pjsua_recorder_create. An ...) - TODO: check + - asterisk + - pjproject + - ring + NOTE: https://github.com/pjsip/pjproject/security/advisories/GHSA-qcvw-h34v-c7r9 + NOTE: https://github.com/pjsip/pjproject/commit/d979253c924a686fa511d705be1f3ad0c5b20337 CVE-2021-43301 (Stack overflow in PJSUA API when calling pjsua_playlist_create. An att ...) - TODO: check + - asterisk + - pjproject + - ring + NOTE: https://github.com/pjsip/pjproject/security/advisories/GHSA-qcvw-h34v-c7r9 + NOTE: https://github.com/pjsip/pjproject/commit/d979253c924a686fa511d705be1f3ad0c5b20337 CVE-2021-43300 (Stack overflow in PJSUA API when calling pjsua_recorder_create. An att ...) - TODO: check + - asterisk + - pjproject + - ring + NOTE: https://github.com/pjsip/pjproject/security/advisories/GHSA-qcvw-h34v-c7r9 + NOTE: https://github.com/pjsip/pjproject/commit/d979253c924a686fa511d705be1f3ad0c5b20337 CVE-2021-43299 (Stack overflow in PJSUA API when calling pjsua_player_create. An attac ...) - TODO: check + - asterisk + - pjproject + - ring + NOTE: https://github.com/pjsip/pjproject/security/advisories/GHSA-qcvw-h34v-c7r9 + NOTE: https://github.com/pjsip/pjproject/commit/d979253c924a686fa511d705be1f3ad0c5b20337 CVE-2021-43298 (The code that performs password matching when using 'Basic' HTTP authe ...) NOT-FOR-US: GoAhead Web Server CVE-2021-43297 (A deserialization vulnerability existed in dubbo hessian-lite 3.2.11 a ...) @@ -22772,10 +22794,11 @@ CVE-2021-37708 (Shopware is an open source eCommerce platform. Versions prior to CVE-2021-37707 (Shopware is an open source eCommerce platform. Versions prior to 6.4.3 ...) NOT-FOR-US: Shopware CVE-2021-37706 (PJSIP is a free and open source multimedia communication library writt ...) + - asterisk - pjproject + - ring NOTE: https://github.com/pjsip/pjproject/security/advisories/GHSA-2qpg-f6wf-w984 NOTE: https://github.com/pjsip/pjproject/commit/15663e3f37091069b8c98a7fce680dc04bc8e865 - TODO: check, might affect in impact src:ring CVE-2021-37705 (OneFuzz is an open source self-hosted Fuzzing-As-A-Service platform. S ...) NOT-FOR-US: OneFuzz CVE-2021-37704 (PhpFastCache is a high-performance backend cache system (packagist pac ...) @@ -34567,11 +34590,11 @@ CVE-2021-32686 (PJSIP is a free and open source multimedia communication library [stretch] - asterisk (Vulnerable code not present) - pjproject [stretch] - pjproject (Minor issue; https://people.debian.org/~abhijith/upload/CVE-2021-32686.patch) + - ring NOTE: https://downloads.asterisk.org/pub/security/AST-2021-009.html NOTE: https://github.com/pjsip/pjproject/security/advisories/GHSA-cv8x-p47p-99wr NOTE: https://github.com/pjsip/pjproject/commit/d5f95aa066f878b0aef6a64e60b61e8626e664cd NOTE: https://github.com/pjsip/pjproject/pull/2716 - TODO: check, might affect in impact src:ring CVE-2021-32685 (tEnvoy contains the PGP, NaCl, and PBKDF2 in node.js and the browser ( ...) NOT-FOR-US: tEnvoy CVE-2021-32684 (magento-scripts contains scripts and configuration used by Create Mage ...) -- cgit v1.2.3