cve/2021/CVE-2021-37706.md

### [CVE-2021-37706](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-37706)
![](https://img.shields.io/static/v1?label=Product&message=pjproject&color=blue)
![](https://img.shields.io/static/v1?label=Version&message=n%2Fa&color=blue)
![](https://img.shields.io/static/v1?label=Vulnerability&message=CWE-191%3A%20Integer%20Underflow%20(Wrap%20or%20Wraparound)&color=brighgreen)

### Description

PJSIP is a free and open source multimedia communication library written in C language implementing standard based protocols such as SIP, SDP, RTP, STUN, TURN, and ICE. In affected versions if the incoming STUN message contains an ERROR-CODE attribute, the header length is not checked before performing a subtraction operation, potentially resulting in an integer underflow scenario. This issue affects all users that use STUN. A malicious actor located within the victim’s network may forge and send a specially crafted UDP (STUN) message that could remotely execute arbitrary code on the victim’s machine. Users are advised to upgrade as soon as possible. There are no known workarounds.

### POC

#### Reference
- http://packetstormsecurity.com/files/166225/Asterisk-Project-Security-Advisory-AST-2022-004.html

#### Github
- https://github.com/ARPSyndicate/cvemon