Release date

Reference PROCALL-1886
Criticality

HIGH

CVSS-Score 7.3

Description

The BN_mod_sqrt() function, which computes a modular square root, contains a bug that can cause it to loop forever for non-prime moduli. For further technical details see https://nvd.nist.gov/vuln/detail/CVE-2022-0778

Affected versions

This vulnerability affects all previously released versions of ProCall 7 Enterprise and ProCall 6 Enterprise.

  • 7.0, 7.1, 7.2, 7.3 (all sub-versions)
  • 6.0, 6.1, 6.2, 6.3, 6.4 (all sub-versions)
  • ProCall 5 Enterprise

ProCall Business 

  • 21H2

Versions with bug fixes

estos is preparing updates that fix the vulnerability. Customers and partners can then obtain the updates via the usual channels and follow the normal update process:

No solution available

It is recommended to stop using the affected components publicly on the internet or to upgrade to a current version. Please contact your partner about this.

  • ProCall 5 Enterprise

End-of-life

Please note the following: If you are using older estos product versions that are no longer supported (End-of-Life has been reached), we strongly recommend updating your software to the current versions for security reasons. Security patches are regularly developed and made available only for current software versions.