CVE-2021-21375

Name
CVE-2021-21375
Description
PJSIP is a free and open source multimedia communication library written in C language implementing standard based protocols such as SIP, SDP, RTP, STUN, TURN, and ICE. In PJSIP version 2.10 and earlier, after an initial INVITE has been sent, when two 183 responses are received, with the first one causing negotiation failure, a crash will occur. This results in a denial of service.
NVD Severity
medium
Other trackers
CVE, NVD, CERT, CVE Details, CIRCL, Arch Linux, Debian, Red Hat, Ubuntu, Gentoo, SUSE (Bugzilla), SUSE (CVE), Mageia
Mailing lists
oss-security, full-disclosure, bugtraq
Exploits
Exploit DB, Metasploit
Forges
GitHub (code, issues), Aports (code, issues)

References

Type URI
Patch https://github.com/pjsip/pjproject/commit/97b3d7addbaa720b7ddb0af9bf6f3e443e664365
Exploit https://github.com/pjsip/pjproject/security/advisories/GHSA-hvq6-f89p-frvp
MLIST https://lists.debian.org/debian-lts-announce/2021/04/msg00023.html
Mailing List https://lists.debian.org/debian-lts-announce/2021/05/msg00020.html
Third Party Advisory https://security.gentoo.org/glsa/202107-42

Match rules

CPE URI Source package Min version Max version
cpe:2.3:a:teluu:pjsip:*:*:*:*:*:*:*:* pjsip >= None <= 2.1.0
cpe:2.3:a:teluu:pjsip:*:*:*:*:*:*:*:* pjsip >= None <= 2.10

Vulnerable and fixed packages

Source package Branch Version Maintainer Status