Cyber Security News

RCE Flaws Found in Communication Library Used by WhatsApp

The PJSIP open-source library is one of the most used libraries which is used by WhatsApp and several other VoIP applications. But, recently, several critical RCE flaws have been detected in PJSIP open source library.

The PJSIP is a multimedia communication library that is also used by the Asterisk enterprise-class open source PBX toolkit, and it’s mainly utilized to provide voice over IP (VoIP) services.

The official Asterisk site claims that the software has about 2 million downloads per year and runs on 1 million servers in more than 165 countries.

While Asterisk sustains:-

  • IP PBX systems
  • VoIP gateways
  • Conferencing servers

And all these systems are used by the:-

  • Small and medium businesses
  • Enterprises
  • Call centers
  • Telecom operators
  • Government agencies

Flaws Detected

In total, there are five RCE flaws are detected by the cybersecurity analysts at JFrog security firm, and here they are:-

  • CVE-2021-43299 (RCE): It’s a stack overflow in PJSUA API when calling pjsua_player_create, and has a CVSS score of 8.1.
  • CVE-2021-43300 (RCE): It’s a stack overflow in PJSUA API when calling pjsua_recorder_create, and has a CVSS score of 8.1.
  • CVE-2021-43301 (RCE): It’s a stack overflow in PJSUA API when calling pjsua_playlist_create, and has a CVSS score of 8.1.
  • CVE-2021-43302 (DDoS): It’s a read out-of-bounds in PJSUA API when calling pjsua_recorder_create, and has a CVSS score of 5.9.
  • CVE-2021-43303 (DDoS): It’s a buffer overflow in PJSUA API when calling pjsua_call_dump, and has a CVSS score of 5.9.

Among these five bugs, three of the vulnerabilities are related to the stack overflow bugs, with a score of 8.1 points on the CVSS scale. 

While the remaining two bugs in the PJSUA API are related to the out-of-buffer read vulnerability and the buffer overflow vulnerability with a score of 5.9 points on the CVSS scale.

Apart from this, the threat actors who can successfully trigger the above vulnerabilities can reverse the switch on RCE in an app that uses the open-source multimedia communication library, PJSIP.

In short, successfully exploiting the vulnerabilities allows the threat actors to remotely execute arbitrary code in an application that uses the PJSIP library.

Affected Projects

These vulnerabilities have affects all the projects that are using the PJSIP library version 2.12 or older. Here the threat actors can get control of the arguments to any of the following APIs by exploiting these flaws:-

  • pjsua_player_create
  • pjsua_recorder_create
  • pjsua_playlist_create
  • pjsua_call_dump

Though instant messaging apps like Skype, WhatsApp, and Google Hangouts have made it easy for anyone to interact face-to-face from anywhere on the globe, these security bugs depict the exact scenario of these applications.

You can follow us on LinkedinTwitterFacebook for daily Cybersecurity and hacking news updates.

Guru

Gurubaran is a Security Consultant, Security Editor & Co-Founder of Cyber Security News & GBHackers On Security.

Recent Posts

SSNDOB Marketplace Admin Jailed for Selling millions of Americans Data

In a resounding triumph for justice, U.S. District Judge Kathryn Kimball Mizelle has sentenced Vitalii…

11 hours ago

Is Your Online Store Hacked in a Carding Attack? Here’s an Action Plan to Protect

Hackers are plotting to benefit from the generosity of Halloween, Thanksgiving, and Christmas shoppers using…

14 hours ago

Google Researchers Find Out How ChatGPT Queries Can Collect Personal Data

The LLMs (Large Language Models) are evolving rapidly with continuous advancements in their research and…

15 hours ago

New Android Malware Employs Various Tactics to Deceive Malware Analyst

In the dynamic realm of mobile application security, cybercriminals employ ever more sophisticated forms of…

16 hours ago

DJvu Ransomware Mimic as Cracked Software to Compromise Computers

A recent campaign has been observed to be delivering DJvu ransomware through a loader that…

17 hours ago

Okta Hack: Threat Actors Downloaded all Customer Support System Users’ Data

In a pivotal update to the Okta security incident divulged in October 2023, Okta Security…

18 hours ago