Description
PJSIP is a free and open source multimedia communication library written in C that implements standards-based protocols such as SIP, SDP, RTP, STUN, TURN, and ICE. In PJSIP version 2.10 and earlier, after an initial INVITE has been sent, a crash occurs when two 183 responses are received and the first one causes negotiation failure. This results in a denial of service.
References (5)
Core References
Exploit, Patch, Third Party Advisory x_refsource_confirm
https://github.com/pjsip/pjproject/security/advisories/GHSA-hvq6-f89p-frvp
Patch, Third Party Advisory x_refsource_misc
https://github.com/pjsip/pjproject/commit/97b3d7addbaa720b7ddb0af9bf6f3e443e664365
Mailing List, Third Party Advisory mailing-list x_refsource_mlist
https://lists.debian.org/debian-lts-announce/2021/04/msg00023.html
Mailing List, Third Party Advisory mailing-list x_refsource_mlist
https://lists.debian.org/debian-lts-announce/2021/05/msg00020.html
Third Party Advisory vendor-advisory x_refsource_gentoo
https://security.gentoo.org/glsa/202107-42
Scores
CVSS v3: 6.5
EPSS: 0.0131
EPSS Percentile: 79.9%
Attack Vector: NETWORK
Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
Details
CWE: CWE-754, CWE-400
Status: published
Products (2)
debian/debian_linux: 9.0
teluu/pjsip: < 2.10
Published: Mar 10, 2021
Tracked Since: Feb 18, 2026