Security advisory: ProCall Enterprise webrtc third_party boringssl CVE-2022-0778
Description
The BN_mod_sqrt() function, which computes a modular square root, contains a bug that can cause it to loop forever for non-prime moduli. For further technical details see https://nvd.nist.gov/vuln/detail/CVE-2022-0778
Affected versions
This vulnerability affects all previously released versions of ProCall 7 Enterprise and ProCall 6 Enterprise.
- 7.0, 7.1, 7.2, 7.3 (all sub-versions)
- 6.0, 6.1, 6.2, 6.3, 6.4 (all sub-versions)
- ProCall 5 Enterprise
ProCall Business
- 21H2
Versions with bug fixes
estos is preparing updates with fixes for the vulnerability. Customers and partners can then obtain the updates via the known channels and follow the normal update process:
- ProCall Enterprise 7.4.0: Released on 29/3/2022
- ProCall Enterprise 6.4.25: Released on 12/4/2022
- ProCall Business 22H1: Released on 28/4/2022
No solution available
It is recommended to stop using the affected components publicly on the internet or to upgrade to a current version. Please contact your partner about this.
- ProCall 5 Enterprise
End-of-life
Please note the following: If you are using older estos product versions that are no longer supported (End-of-Life has been reached), we strongly recommend updating your software to the current versions for security reasons.
This is because security patches are only regularly developed and made available for current software versions.