← Volver a CVEs
CVE-2021-21375
MEDIUM6.5
Descripcion
PJSIP is a free and open source multimedia communication library written in C language implementing standard based protocols such as SIP, SDP, RTP, STUN, TURN, and ICE. In PJSIP version 2.10 and earlier, after an initial INVITE has been sent, when two 183 responses are received, with the first one causing negotiation failure, a crash will occur. This results in a denial of service.
Detalles CVE
Puntuacion CVSS v3.16.5
SeveridadMEDIUM
Vector CVSSCVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
Vector de ataqueNETWORK
ComplejidadLOW
Privilegios requeridosNONE
Interaccion usuarioREQUIRED
Publicado3/10/2021
Ultima modificacion11/21/2024
Fuentenvd
Avistamientos honeypot0
Productos afectados
debian:debian_linuxteluu:pjsip
Debilidades (CWE)
CWE-400CWE-754
Referencias
https://github.com/pjsip/pjproject/commit/97b3d7addbaa720b7ddb0af9bf6f3e443e664365(security-advisories@github.com)
https://github.com/pjsip/pjproject/security/advisories/GHSA-hvq6-f89p-frvp(security-advisories@github.com)
https://lists.debian.org/debian-lts-announce/2021/04/msg00023.html(security-advisories@github.com)
https://lists.debian.org/debian-lts-announce/2021/05/msg00020.html(security-advisories@github.com)
https://security.gentoo.org/glsa/202107-42(security-advisories@github.com)
https://github.com/pjsip/pjproject/commit/97b3d7addbaa720b7ddb0af9bf6f3e443e664365(af854a3a-2127-422b-91ae-364da2661108)
https://github.com/pjsip/pjproject/security/advisories/GHSA-hvq6-f89p-frvp(af854a3a-2127-422b-91ae-364da2661108)
https://lists.debian.org/debian-lts-announce/2021/04/msg00023.html(af854a3a-2127-422b-91ae-364da2661108)
https://lists.debian.org/debian-lts-announce/2021/05/msg00020.html(af854a3a-2127-422b-91ae-364da2661108)
https://security.gentoo.org/glsa/202107-42(af854a3a-2127-422b-91ae-364da2661108)
Correlaciones IOC
Sin correlaciones registradas
This product uses data from the NVD API but is not endorsed or certified by the NVD.