CVSS: 6.5EPSS: 0%CPEs: 2EXPL: 1CVE-2021-21375 – Crash in receiving updated SDP answer after initial SDP negotiation failed
https://notcve.org/view.php?id=CVE-2021-21375
10 Mar 2021 — PJSIP is a free and open source multimedia communication library written in C language implementing standard based protocols such as SIP, SDP, RTP, STUN, TURN, and ICE. In PJSIP version 2.10 and earlier, after an initial INVITE has been sent, when two 183 responses are received, with the first one causing negotiation failure, a crash will occur. This results in a denial of service. PJSIP es una biblioteca de comunicación multimedia de código abierto y gratuita escrita en lenguaje C que implementa protocolos... • https://github.com/pjsip/pjproject/commit/97b3d7addbaa720b7ddb0af9bf6f3e443e664365 • CWE-400: Uncontrolled Resource Consumption CWE-754: Improper Check for Unusual or Exceptional Conditions •
CVSS: 6.8EPSS: 0%CPEs: 1EXPL: 0CVE-2020-15260 – Existing TLS connections can be reused without checking remote hostname
https://notcve.org/view.php?id=CVE-2020-15260
10 Mar 2021 — PJSIP is a free and open source multimedia communication library written in C language implementing standard based protocols such as SIP, SDP, RTP, STUN, TURN, and ICE. In version 2.10 and earlier, PJSIP transport can be reused if they have the same IP address + port + protocol. However, this is insufficient for secure transport since it lacks remote hostname authentication. Suppose we have created a TLS connection to `sip.foo.com`, which has an IP address `100.1.1.1`. If we want to create a TLS connection ... • https://github.com/pjsip/pjproject/commit/67e46c1ac45ad784db5b9080f5ed8b133c122872 • CWE-295: Improper Certificate Validation CWE-297: Improper Validation of Certificate with Host Mismatch •
CVSS: 7.5EPSS: 0%CPEs: 2EXPL: 0CVE-2018-1000098 – Debian Security Advisory 4170-1
https://notcve.org/view.php?id=CVE-2018-1000098
13 Mar 2018 — Teluu PJSIP version 2.7.1 and earlier contains a Integer Overflow vulnerability in pjmedia SDP parsing that can result in Crash. This attack appear to be exploitable via Sending a specially crafted message. This vulnerability appears to have been fixed in 2.7.2. Teluu PJSIP, en versiones 2.7.1 y anteriores, contiene una vulnerabilidad de desbordamiento de enteros en el análisis SDP de pjmedia que puede resultar en un cierre inesperado. Este ataque parece ser explotable mediante el envío de un mensaje especi... • https://trac.pjsip.org/repos/milestone/release-2.7.2 • CWE-190: Integer Overflow or Wraparound •
CVSS: 7.5EPSS: 1%CPEs: 2EXPL: 0CVE-2018-1000099 – Debian Security Advisory 4170-1
https://notcve.org/view.php?id=CVE-2018-1000099
13 Mar 2018 — Teluu PJSIP version 2.7.1 and earlier contains a Access of Null/Uninitialized Pointer vulnerability in pjmedia SDP parsing that can result in Crash. This attack appear to be exploitable via Sending a specially crafted message. This vulnerability appears to have been fixed in 2.7.2. Teluu PJSIP, en versiones 2.7.1 y anteriores, contiene una vulnerabilidad de puntero null/no inicializado en el análisis SDP de pjmedia que puede resultar en un cierre inesperado. Este ataque parece ser explotable mediante el env... • https://trac.pjsip.org/repos/milestone/release-2.7.2 • CWE-824: Access of Uninitialized Pointer •
CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 0CVE-2017-16875 – Debian Security Advisory 4170-1
https://notcve.org/view.php?id=CVE-2017-16875
17 Nov 2017 — An issue was discovered in Teluu pjproject (pjlib and pjlib-util) in PJSIP before 2.7.1. The ioqueue component may issue a double key unregistration after an attacker initiates a socket connection with specific settings and sequences. Such double key unregistration will trigger an integer overflow, which may cause ioqueue backends to reject future key registrations. Se ha descubierto un error en Teluu pjproject (pjlib y pjlib-util) en PJSIP, en versiones anteriores a la 2.7.1. El componente ioqueue puede en... • https://trac.pjsip.org/repos/milestone/release-2.7.1 •
CVSS: 9.8EPSS: 0%CPEs: 2EXPL: 0CVE-2017-16872 – Debian Security Advisory 4170-1
https://notcve.org/view.php?id=CVE-2017-16872
17 Nov 2017 — An issue was discovered in Teluu pjproject (pjlib and pjlib-util) in PJSIP before 2.7.1. Parsing the numeric header fields in a SIP message (like cseq, ttl, port, etc.) all had the potential to overflow, either causing unintended values to be captured or, if the values were subsequently converted back to strings, a buffer overrun. This will lead to a potential exploit using carefully crafted invalid values. Se ha descubierto un error en Teluu pjproject (pjlib y pjlib-util) en PJSIP, en versiones anteriores ... • https://trac.pjsip.org/repos/milestone/release-2.7.1 • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •