
Prevent OOB read for RTCP XR block

High
sauwming published GHSA-r374-qrwv-86hh Dec 24, 2021

Package

No package listed

Affected versions

2.11.1 or lower

Patched versions

2.12 or later

Description

If an incoming RTCP XR message contains a block, the data field is not checked against the received packet size, potentially resulting in an out-of-bounds read access.
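
An added example, not PJSIP code and not the patch itself: a minimal RTCP XR block walker that validates every declared length against the bytes actually received, which is the class of check described above as missing. The name `xr_count_blocks` and the sample packets are constructed for illustration; the field layout follows RFC 3611.

```c
#include <stddef.h>
#include <stdint.h>

#define XR_PT 207        /* RTCP XR packet type (RFC 3611) */
#define XR_HDR_LEN 8     /* common RTCP header + SSRC */
#define XR_BLK_HDR_LEN 4 /* BT, type-specific, block length */

/* Read a 16-bit big-endian field. */
static uint16_t rd16(const uint8_t *p) { return (uint16_t)((p[0] << 8) | p[1]); }

/* Hypothetical helper (not a PJMEDIA function): walk the report blocks of one
 * RTCP XR packet. Returns the block count, or -1 if a length field points
 * past the bytes actually received. */
int xr_count_blocks(const uint8_t *pkt, size_t received)
{
    size_t pkt_len, off = XR_HDR_LEN;
    int blocks = 0;
    if (received < XR_HDR_LEN || (pkt[0] >> 6) != 2 || pkt[1] != XR_PT)
        return -1;
    /* Header length counts 32-bit words minus one; it must fit what arrived. */
    pkt_len = ((size_t)rd16(pkt + 2) + 1) * 4;
    if (pkt_len < XR_HDR_LEN || pkt_len > received)
        return -1;
    while (off < pkt_len) {
        size_t blk_len;
        if (pkt_len - off < XR_BLK_HDR_LEN) /* block header must be present */
            return -1;
        /* Block length: words minus one, block header included. */
        blk_len = ((size_t)rd16(pkt + off + 2) + 1) * 4;
        if (blk_len > pkt_len - off) /* block data vs. received packet size */
            return -1;
        off += blk_len;
        blocks++;
    }
    return blocks;
}

/* Constructed sample: one receiver reference time block (BT=4, 12 bytes). */
const uint8_t xr_ok[20] = { 0x80, 0xCF, 0x00, 0x04, 0x11, 0x22, 0x33, 0x44,
                            0x04, 0x00, 0x00, 0x02 };
/* Constructed sample: same packet, block length field inflated to 0x0040. */
const uint8_t xr_bad[20] = { 0x80, 0xCF, 0x00, 0x04, 0x11, 0x22, 0x33, 0x44,
                             0x04, 0x00, 0x00, 0x40 };

int main(void)
{
    return !(xr_count_blocks(xr_ok, 20) == 1 && xr_count_blocks(xr_bad, 20) == -1);
}
```

Rejecting the whole packet on the first inconsistent length keeps later code from dereferencing block fields that were never received.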

Impact

It affects all users that use PJMEDIA and RTCP XR. A malicious actor can send an RTCP XR message with an invalid packet size.

Patches

The patch is available as commit f74c1fc in the master branch.

For more information

If you have any questions or comments about this advisory:
Email us at [email protected]

Severity

High

CVE ID

CVE-2021-43845

Weaknesses

No CWEs

Credits