RCE vulnerabilities discovered in WhatsApp and other VoIP applications

Source: https://cobaltstrike.net/2022/03/02/rce-vulnerabilities-discovered-in-whatsapp-and-other-voip-applications/

WhatsApp messenger and other popular VoIP applications use the open source PJSIP library, which contains critical vulnerabilities of remote code execution.

PJSIP is an open source multimedia communication library. The library is also used by the Asterisk (Private Telephone Exchange) enterprise-class PBX suite of tools, which is used to provide voice over IP (VoIP) services.

According to the Asterisk website, the software has about 2 million downloads per year and runs on 1 million servers in 170 countries. Asterisk supports IP PBX systems, VoIP gateways and conference servers and is used by small and medium-sized businesses, enterprises, call centers, telecom operators and government agencies.

JFrog Security specialists have discovered five memory corruption vulnerabilities in PJSIP. Successful exploitation of vulnerabilities allows an attacker to remotely execute code in an application using the PJSIP library.

Three vulnerabilities are related to stack overflow and were rated 8.1 points on the CVSS scale. The remaining two include a read-out-of-buffer vulnerability and a buffer overflow vulnerability in the PJSUA API. Both vulnerabilities can cause a denial of service (DoS) condition and were rated 5.9 on the CVSS scale.

The problems affect all projects using the PJSIP library version older than 2.12 and passing malicious arguments to any of the following APIs: pjsua_player_create, pjsua_recorder_create, pjsua_playlist_create and pjsua_call_dump.

Start a discussion …