93 matches found
PJSIP Teluu pjproject pjlib and pjlib-util Buffer Overflow Vulnerability
PJSIP is an open source, free multimedia communication library written in C. Teluu pjproject pjlib is one of the small framework libraries; pjlib-util is one of the auxiliary tool libraries . An integer overflow vulnerability exists in Teluu pjproject pjlib and pjlib-util in versions of PJSIP pri...
MGASA-2017-0368 Updated pjproject packages fix security vulnerabilities
Two vulnerabilities were found in the PJSIP/PJProject communication library, which may result in denial of service CVE-2017-9359, CVE-2017-9372...
Updated pjproject packages fix security vulnerabilities
Two vulnerabilities were found in the PJSIP/PJProject communication library, which may result in denial of service CVE-2017-9359, CVE-2017-9372...
asterisk -- Buffer overflow in pjproject header parsing can cause crash in Asterisk
The Asterisk project reports: By carefully crafting invalid values in the Cseq and the Via header port, pjprojects packet parsing code can create strings larger than the buffer allocated to hold them. This will usually cause Asterisk to crash immediately. The packets do not have to be authenticat...
Debian DSA-3933-1 : pjproject - security update
Two vulnerabilities were found in the PJSIP/PJProject communication library, which may result in denial of service. %NASLMINLEVEL 70300 C Tenable Network Security, Inc. The descriptive text and package checks in this plugin were extracted from Debian Security Advisory DSA-3933. The text itself is...
[SECURITY] [DSA 3933-1] pjproject security update
------------------------------------------------------------------------- Debian Security Advisory DSA-3933-1 [email protected] https://www.debian.org/security/ Moritz Muehlenhoff August 10, 2017 https://www.debian.org/security/faq -...
DSA-3933-1 pjproject - security update
Bulletin has no description...
Debian: Security Advisory (DSA-3933-1)
The remote host is missing an update for the Debian SPDX-FileCopyrightText: 2017 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
FreeBSD : asterisk -- Buffer Overrun in PJSIP transaction layer (0537afa3-3ce0-11e7-bf9d-001999f8d30b)
The Asterisk project reports : A remote crash can be triggered by sending a SIP packet to Asterisk with a specially crafted CSeq header and a Via header with no branch parameter. The issue is that the PJSIP RFC 2543 transaction key generation algorithm does not allocate a large enough buffer. By...
asterisk -- Buffer Overrun in PJSIP transaction layer
The Asterisk project reports: A remote crash can be triggered by sending a SIP packet to Asterisk with a specially crafted CSeq header and a Via header with no branch parameter. The issue is that the PJSIP RFC 2543 transaction key generation algorithm does not allocate a large enough buffer. By...
Asterisk PJProject TCP Connection DoS (AST-2016-005)
According to its SIP banner, the version of Asterisk running on the remote host is either 13.x prior to 13.8.1 or 13.1-cert prior to 13.1-cert5. It is, therefore, affected by a flaw in PJProject due to a failure to close TCP connections after receiving new ones. An unauthenticated, remote attacke...
FreeBSD : PJSIP -- TCP denial of service in PJProject (e21474c6-031a-11e6-aa86-001999f8d30b)
The Asterisk project reports : PJProject has a limit on the number of TCP connections that it can accept. Furthermore, PJProject does not close TCP connections it accepts. By default, this value is approximately 60. An attacker can deplete the number of allowed TCP connections by opening TCP...
PJSIP -- TCP denial of service in PJProject
The Asterisk project reports: PJProject has a limit on the number of TCP connections that it can accept. Furthermore, PJProject does not close TCP connections it accepts. By default, this value is approximately 60. An attacker can deplete the number of allowed TCP connections by opening TCP...