CVE-2021-43300: 
NixOS vulnerability analysis and mitigation

Stack overflow vulnerability identified in PJSUA API when calling pjsua_recorder_create function. The vulnerability (CVE-2021-43300) was discovered in PJSIP versions 2.11.1 and below, with patches available in version 2.12 and later. The issue occurs when an attacker-controlled 'filename' argument is passed to the function, which may cause a buffer overflow since it is copied to a fixed-size stack buffer without any size validation (GitHub Advisory).

The vulnerability stems from improper buffer size validation in the PJSUA API. When calling pjsua_recorder_create(), the function copies the filename parameter to a fixed-size stack buffer without performing size validation checks. This oversight can lead to a buffer overflow condition. The vulnerability has been assigned a CVSS 3.1 base score of 9.8 (Critical), indicating high severity across confidentiality, integrity, and availability impacts (Ubuntu Security).

If successfully exploited, this vulnerability could allow an attacker to cause buffer overflow conditions, potentially leading to arbitrary code execution or denial of service. The issue affects applications that use the PJSUA API's recording functionality, particularly when handling user-supplied filenames (GitHub Advisory).

The vulnerability has been patched in PJSIP version 2.12 and later. As a workaround, applications should implement length validation for filename parameters before calling the affected API. The fix is available as commit d979253 in the master branch. Multiple Linux distributions have also released security updates to address this vulnerability, including Debian and Ubuntu (Debian LTS, Ubuntu Security).