HomeUpdate5 security flows of communication library that can get targeted by the...

5 security flows of communication library that can get targeted by the attackers

-

Last Updated on 04/03/2022 by Nidhi Khandelwal

communication library has five security flaws that could be exploited by an attacker to cause arbitrary code execution and denial-of-service (DoS) in programs that use the protocol stack.

5 security flows of communication library that can get targeted by the attackers 1

JFrog’s Security Research team discovered and reported the flaws, and the project’s maintainers released patches (version 2.12) last week on February 24, 2022.

PJSIP is an open-source embedded SIP protocol suite written in C for popular communication platforms like WhatsApp and BlueJeans. It supports audio, video, and instant messaging features. Asterisk, a popular private branch exchange (PBX) switching technology for VoIP networks, also uses it.

“Buffers used in PJSIP typically have limited sizes, especially those allocated in the stack or supplied by the application,” PJSIP developer Sauw Ming wrote in a GitHub advisory last month, “but in several places, we do not check if our usage can exceed the sizes,” a scenario that could lead to buffer overflows.

5 security flows of communication library that can get targeted by the attackers 2

According to Uriya Yavnieli, a JFrog researcher who identified the issues, successful exploitation of the aforementioned flaws might allow a malicious actor to deliver attacker-controlled arguments to any of the vulnerable APIs, resulting in code execution and a DoS condition

Nidhi Khandelwal
Nidhi Khandelwal
Nidhi is a tech news/research contributor at TheDigitalHacker. She publishes about techno geopolitics, privacy, and data breach.
- Advertisment -

Must Read

This is how Russia is being punished for the war

0
The developer of the popular "node-ipc" NPM package published a new modified version to denounce Russia's invasion of Ukraine, sparking concerns about open-source and...