Details of VAR-201803-0093

ID

VAR-201803-0093

CVE

CVE-2015-2003

TITLE

Android for PJSIP PJSUA2 SDK Vulnerabilities related to range errors

Trust: 0.8

sources: JVNDB: JVNDB-2015-008173

DESCRIPTION

The PJSIP PJSUA2 SDK before SVN Changeset 51322 for Android might allow attackers to execute arbitrary code by leveraging a finalize method in a Serializable class that improperly passes an attacker-controlled pointer to a native function. Android for PJSIP PJSUA2 SDK Contains a range error vulnerability.Information is obtained, information is altered, and service operation is disrupted (DoS) There is a possibility of being put into a state. PJSIP PJSUA2 SDK for Android is a software development kit based on the Android platform that provides an API for building Session Initiation Protocol (SIP) multimedia user agent applications. There are security vulnerabilities in versions before PJSIP PJSUA2 SDK SVN Changeset based on Android platform 51322

Trust: 2.16

sources: NVD: CVE-2015-2003 // JVNDB: JVNDB-2015-008173 // CNVD: CNVD-2018-08096

IOT TAXONOMY

category:

['IoT']

sub_category:

Trust: 0.6

sources: CNVD: CNVD-2018-08096

AFFECTED PRODUCTS

vendor:	pjsip	model:	pjsua2 sdk	scope:	lt	version:	51322	Trust: 1.0
vendor:	pjsip	model:	pjsua2 sdk	scope:	lt	version:	svn changeset 51322	Trust: 0.8
vendor:	pjsip	model:	pjsua2 sdk for android <svn changeset	scope:	eq	version:	51322	Trust: 0.6

sources: CNVD: CNVD-2018-08096 // JVNDB: JVNDB-2015-008173 // NVD: CVE-2015-2003

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov:	CVE-2015-2003
value:	CRITICAL
Trust: 1.0
NVD:	CVE-2015-2003
value:	CRITICAL
Trust: 0.8
CNVD:	CNVD-2018-08096
value:	HIGH
Trust: 0.6
CNNVD:	CNNVD-201803-1122
value:	HIGH
Trust: 0.6

nvd@nist.gov:	CVE-2015-2003
severity:	HIGH
baseScore:	7.5
vectorString:	AV:N/AC:L/AU:N/C:P/I:P/A:P
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	PARTIAL
integrityImpact:	PARTIAL
availabilityImpact:	PARTIAL
exploitabilityScore:	10.0
impactScore:	6.4
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 1.8
CNVD:	CNVD-2018-08096
severity:	HIGH
baseScore:	10.0
vectorString:	AV:N/AC:L/AU:N/C:C/I:C/A:C
accessVector:	NETWORK
accessComplexity:	LOW
authentication:	NONE
confidentialityImpact:	COMPLETE
integrityImpact:	COMPLETE
availabilityImpact:	COMPLETE
exploitabilityScore:	10.0
impactScore:	10.0
acInsufInfo:	NONE
obtainAllPrivilege:	NONE
obtainUserPrivilege:	NONE
obtainOtherPrivilege:	NONE
userInteractionRequired:	NONE
version:	2.0
Trust: 0.6

nvd@nist.gov:	CVE-2015-2003
baseSeverity:	CRITICAL
baseScore:	9.8
vectorString:	CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
attackVector:	NETWORK
attackComplexity:	LOW
privilegesRequired:	NONE
userInteraction:	NONE
scope:	UNCHANGED
confidentialityImpact:	HIGH
integrityImpact:	HIGH
availabilityImpact:	HIGH
exploitabilityScore:	3.9
impactScore:	5.9
version:	3.0
Trust: 1.8

sources: CNVD: CNVD-2018-08096 // JVNDB: JVNDB-2015-008173 // CNNVD: CNNVD-201803-1122 // NVD: CVE-2015-2003

PROBLEMTYPE DATA

problemtype:

CWE-118

Trust: 1.8

sources: JVNDB: JVNDB-2015-008173 // NVD: CVE-2015-2003

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-201803-1122

TYPE

lack of information

Trust: 0.6

sources: CNNVD: CNNVD-201803-1122

CONFIGURATIONS

sources: JVNDB: JVNDB-2015-008173

PATCH

title:	Top Page	url:	http://www.pjsip.org/	Trust: 0.8
title:	Patch for PJSIP PJSUA2 SDK for Android Arbitrary Code Execution Vulnerability	url:	https://www.cnvd.org.cn/patchInfo/show/126761	Trust: 0.6
title:	PJSIP PJSUA2 SDK for Android Security vulnerabilities	url:	http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=82875	Trust: 0.6

sources: CNVD: CNVD-2018-08096 // JVNDB: JVNDB-2015-008173 // CNNVD: CNNVD-201803-1122

EXTERNAL IDS

db:	NVD	id:	CVE-2015-2003	Trust: 3.0
db:	JVNDB	id:	JVNDB-2015-008173	Trust: 0.8
db:	CNVD	id:	CNVD-2018-08096	Trust: 0.6
db:	CNNVD	id:	CNNVD-201803-1122	Trust: 0.6

sources: CNVD: CNVD-2018-08096 // JVNDB: JVNDB-2015-008173 // CNNVD: CNNVD-201803-1122 // NVD: CVE-2015-2003

REFERENCES

url:	https://www.usenix.org/system/files/conference/woot15/woot15-paper-peles.pdf	Trust: 2.4
url:	https://alephsecurity.com/vulns/aleph-2015004	Trust: 2.2
url:	https://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2015-2003	Trust: 0.8
url:	https://nvd.nist.gov/vuln/detail/cve-2015-2003	Trust: 0.8

sources: CNVD: CNVD-2018-08096 // JVNDB: JVNDB-2015-008173 // CNNVD: CNNVD-201803-1122 // NVD: CVE-2015-2003

SOURCES

db:	CNVD	id:	CNVD-2018-08096
db:	JVNDB	id:	JVNDB-2015-008173
db:	CNNVD	id:	CNNVD-201803-1122
db:	NVD	id:	CVE-2015-2003

LAST UPDATE DATE

2024-11-23T22:45:25.995000+00:00

SOURCES UPDATE DATE

db:	CNVD	id:	CNVD-2018-08096	date:	2018-04-23T00:00:00
db:	JVNDB	id:	JVNDB-2015-008173	date:	2018-05-28T00:00:00
db:	CNNVD	id:	CNNVD-201803-1122	date:	2018-03-30T00:00:00
db:	NVD	id:	CVE-2015-2003	date:	2024-11-21T02:26:34.690

SOURCES RELEASE DATE

db:	CNVD	id:	CNVD-2018-08096	date:	2018-04-23T00:00:00
db:	JVNDB	id:	JVNDB-2015-008173	date:	2018-05-28T00:00:00
db:	CNNVD	id:	CNNVD-201803-1122	date:	2018-03-30T00:00:00
db:	NVD	id:	CVE-2015-2003	date:	2018-03-29T18:29:00.840