CVE Vulnerability

CVE-2021-21375

PJSIP is a free and open source multimedia communication library written in C language implementing standard based protocols such as SIP, SDP, RTP, STUN, TURN, and ICE. In PJSIP version 2.10 and earlier, after an initial INVITE has been sent, when two 183 responses are received, with the first one causing negotiation failure, a crash will occur. This results in a denial of service.

4.3 /10

CVSS v2.0 :

V3 Legend

Vector :

Exploitability : 8.6 / Impact : 2.9

Attack Vector

Attack Complexity

Privileges Required

User Interaction

Confidentiality Impact NONE

Integrity Impact NONE

Availability Impact PARTIAL

Scope

6.5 /10

CVSS v3.0 : MEDIUM

V3 Legend

Vector :

Exploitability : 2.8 / Impact : 3.6

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required NONE

User Interaction REQUIRED

Confidentiality Impact NONE

Integrity Impact NONE

Availability Impact HIGH

Scope UNCHANGED

References
Link Resource
https://github.com/pjsip/pjproject/commit/97b3d7addbaa720b7ddb0af9bf6f3e443e664365 Patch Third Party Advisory
https://github.com/pjsip/pjproject/security/advisories/GHSA-hvq6-f89p-frvp Exploit Patch
https://lists.debian.org/debian-lts-announce/2021/04/msg00023.html Mailing List Third Party Advisory
https://lists.debian.org/debian-lts-announce/2021/05/msg00020.html Mailing List Third Party Advisory
https://security.gentoo.org/glsa/202107-42 Third Party Advisory
Configurations

Configuration 1

cpe:2.3:a:teluu:pjsip:*:*:*:*:*:*:*:*
cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*
Information

Published : 2021-03-10 11:15

Updated : 2022-10-21 10:40

NVD link : CVE-2021-21375

Mitre link : CVE-2021-21375

Products Affected
No products.
CWE
CWE-754