Vulnerability CVE-2022-46871

Open christopheroger opened this issue 2 years ago • 0 comments

Prerequisites

These are MANDATORY, otherwise the issue will be automatically closed.

[x] I agree to fill this issue template.
[x] I have read the Troubleshooting Guide and Support Instructions.

Issue description

Hello, a vulnerability CVE-2022-46871 has been discovered a few month ago in the library libusrsctp:

https://security.snyk.io/vuln/SNYK-UNMANAGED-KURENTOLIBUSRSCTP-3244411 https://www.cve.org/CVERecord?id=CVE-2022-46871 https://security-tracker.debian.org/tracker/CVE-2022-46871

Informations are not very clear but it seems kurento's libusrsctp library is affected by this vulnerabilty (see in snyk's link)

Could you please confirm us if Kurento is affected or not by the CVE-2022-46871 vulnerability, and if yes, if a new release of the library is planned ?

Thank you

Context

How to reproduce?

Expected & current behavior

(Optional) Possible solution

Info about your environment

About Kurento Media Server

Apr 05 '23 14:04 christopheroger