Lucene search
Debian Security Bug TrackerDEBIANCVE:CVE-2017-16872HistoryNov 17, 2017 - 9:29 a.m.
CVE-2017-16872
2017-11-1709:29:00
Debian Security Bug Tracker
security-tracker.debian.org
11
0.003 Low
EPSS
Percentile
68.9%
An issue was discovered in Teluu pjproject (pjlib and pjlib-util) in PJSIP before 2.7.1. Parsing the numeric header fields in a SIP message (like cseq, ttl, port, etc.) all had the potential to overflow, either causing unintended values to be captured or, if the values were subsequently converted back to strings, a buffer overrun. This will lead to a potential exploit using carefully crafted invalid values.
| OS | Version | Architecture | Package | Version | Filename |
|---|---|---|---|---|---|
| Debian | 9 | all | pjproject | < 2.5.5~dfsg-6+deb9u1 | pjproject_2.5.5~dfsg-6+deb9u1_all.deb |
Related
cve
cve
CVE-2017-16872
2017-11-17 09:29:00
ubuntucve
ubuntucve
CVE-2017-16872
2017-11-17 00:00:00
osv
osv
CVE-2017-16872
2017-11-17 09:29:00
pjproject - security update
2018-04-09 00:00:00
cvelist
cvelist
CVE-2017-16872
2017-11-17 09:00:00
nvd
nvd
CVE-2017-16872
2017-11-17 09:29:00
prion
prion
Buffer overflow
2017-11-17 09:29:00
nessus
nessus
Debian DSA-4170-1 : pjproject - security update
2018-04-10 00:00:00
openvas
openvas
Debian: Security Advisory (DSA-4170-1)
2018-04-08 00:00:00
debian
debian
[SECURITY] [DSA 4170-1] pjproject security update
2018-04-09 21:00:25