Lucene search
+L

193 matches found

RedhatCVE
RedhatCVE
added 2026/04/28 8:35 a.m.10 views

CVE-2026-41416

A flaw was found in PJSIP, a free and open-source multimedia communication library. A remote attacker could exploit an integer overflow vulnerability when processing a crafted Session Description Protocol SDP message with asymmetric ptime configuration. This overflow leads to an undersized buffer...

9.3CVSS5.9AI score0.00279EPSS
Exploits0References2
ATTACKERKB
ATTACKERKB
added 2026/04/24 6:40 p.m.4 views

CVE-2026-41416

PJSIP is a free and open source multimedia communication library written in C. In 2.16 and earlier, there is an integer overflow in media stream buffer size calculation when processing SDP with asymmetric ptime configuration. The overflow may result in an undersized buffer allocation, which can...

9.3CVSS5.8AI score0.00279EPSS
Exploits0References3Affected Software1
Cvelist
Cvelist
added 2026/04/24 6:40 p.m.39 views

CVE-2026-41416 PJSIP: Asymmetric ptime integer overflow in Media Stream

PJSIP is a free and open source multimedia communication library written in C. In 2.16 and earlier, there is an integer overflow in media stream buffer size calculation when processing SDP with asymmetric ptime configuration. The overflow may result in an undersized buffer allocation, which can...

9.3CVSS0.00279EPSS
Exploits0References2
OSV
OSV
added 2026/04/24 6:40 p.m.4 views

CVE-2026-41416 PJSIP: Asymmetric ptime integer overflow in Media Stream

PJSIP is a free and open source multimedia communication library written in C. In 2.16 and earlier, there is an integer overflow in media stream buffer size calculation when processing SDP with asymmetric ptime configuration. The overflow may result in an undersized buffer allocation, which can...

9.3CVSS6.2AI score0.00279EPSS
Exploits0References4
CNNVD
CNNVD
added 2026/04/24 12:0 a.m.15 views

PJSIP 输入验证错误漏洞

PJSIP is an open-source, free and open-source multimedia communication library developed in C language. It implements standards-based protocols such as SIP, SDP, RTP, STUN, TURN, and ICE. Versions of PJSIP 2.16 and earlier contained a vulnerability related to input validation errors. This...

9.3CVSS5.9AI score0.00279EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2026/04/24 12:0 a.m.11 views

PT-2026-35059

Name of the Vulnerable Software and Affected Versions PJSIP versions prior to 2.17 Description An integer overflow occurs in the media stream buffer size calculation when processing Session Description Protocol SDP with asymmetric ptime configuration. This overflow can lead to an undersized buffe...

9.3CVSS5.7AI score0.00279EPSS
Exploits0References5
Microsoft CVE
Microsoft CVE
added 2026/04/14 8:2 a.m.7 views

netfilter: nf_conntrack_sip: fix use of uninitialized rtp_addr in process_sdp

...

7.8CVSS6.2AI score0.0012EPSS
Exploits0
RedhatCVE
RedhatCVE
added 2026/04/13 5:25 p.m.12 views

CVE-2026-31427

A flaw was found in the Linux kernel's netfilter subsystem, specifically within the nfconntracksip module. This vulnerability occurs in the processsdp function when the rtpaddr variable is used without proper initialization if the Session Description Protocol SDP body lacks recognized media types...

5.8CVSS5.9AI score0.0012EPSS
Exploits0References4
EUVD
EUVD
added 2026/04/13 3:31 p.m.5 views

EUVD-2026-21954

In the Linux kernel, the following vulnerability has been resolved: netfilter: nfconntracksip: fix use of uninitialized rtpaddr in processsdp processsdp declares union nfinetaddr rtpaddr on the stack and passes it to the nfnatsip sdpsession hook after walking the SDP media descriptions. However...

5.7AI score0.0012EPSS
Exploits0References7
OSV
OSV
added 2026/04/13 2:16 p.m.6 views

UBUNTU-CVE-2026-31427

In the Linux kernel, the following vulnerability has been resolved: netfilter: nfconntracksip: fix use of uninitialized rtpaddr in processsdp processsdp declares union nfinetaddr rtpaddr on the stack and passes it to the nfnatsip sdpsession hook after walking the SDP media descriptions. However...

5.5CVSS6AI score0.0012EPSS
Exploits0References3
CNNVD
CNNVD
added 2026/04/13 12:0 a.m.6 views

Linux kernel 安全漏洞

The Linux kernel is the kernel used by the Linux operating system developed by the Linux Foundation in the United States. There is a security vulnerability in the Linux kernel, which stems from the processsdp function using an uninitialized rtpaddr, potentially leading to incorrect rewriting of S...

5.5CVSS5.8AI score0.0012EPSS
Exploits0References6
Tenable Nessus
Tenable Nessus
added 2026/03/25 12:0 a.m.6 views

Ubuntu 16.04 LTS / 18.04 LTS : PJSIP vulnerabilities (USN-8122-1)

The remote Ubuntu 16.04 LTS / 18.04 LTS host has packages installed that are affected by multiple vulnerabilities as referenced in the USN-8122-1 advisory. Youngsung Kim discovered that PJSIP did not properly parse numeric header fields in SIP messages. A remote attacker could use this issue to...

9.8CVSS6.2AI score0.0462EPSS
Exploits4References15
NVD
NVD
added 2026/03/20 9:16 a.m.9 views

CVE-2026-33069

PJSIP is a free and open source multimedia communication library written in C. Versions 2.16 and below have a cascading out-of-bounds heap read in pjsipmultipartparse. After boundary string matching, curptr is advanced past the delimiter without verifying it has not reached the buffer end. This...

7.5CVSS0.0026EPSS
Exploits0References2
OSV
OSV
added 2026/03/20 9:16 a.m.6 views

ALPINE-CVE-2026-33069

PJSIP is a free and open source multimedia communication library written in C. Versions 2.16 and below have a cascading out-of-bounds heap read in pjsipmultipartparse. After boundary string matching, curptr is advanced past the delimiter without verifying it has not reached the buffer end. This...

7.5CVSS5.6AI score0.0026EPSS
Exploits0References1
UbuntuCve
UbuntuCve
added 2026/03/20 9:16 a.m.3 views

CVE-2026-33069

PJSIP is a free and open source multimedia communication library written in C. Versions 2.16 and below have a cascading out-of-bounds heap read in pjsipmultipartparse. After boundary string matching, curptr is advanced past the delimiter without verifying it has not reached the buffer end. This...

7.5CVSS6AI score0.0026EPSS
Exploits0References3
ATTACKERKB
ATTACKERKB
added 2026/03/20 8:21 a.m.3 views

CVE-2026-33069

PJSIP is a free and open source multimedia communication library written in C. Versions 2.16 and below have a cascading out-of-bounds heap read in pjsipmultipartparse. After boundary string matching, curptr is advanced past the delimiter without verifying it has not reached the buffer end. This...

6.9CVSS6AI score0.0026EPSS
Exploits0References3Affected Software1
Debian CVE
Debian CVE
added 2026/03/20 8:21 a.m.6 views

CVE-2026-33069

PJSIP is a free and open source multimedia communication library written in C. Versions 2.16 and below have a cascading out-of-bounds heap read in pjsipmultipartparse. After boundary string matching, curptr is advanced past the delimiter without verifying it has not reached the buffer end. This...

7.5CVSS5.5AI score0.0026EPSS
Exploits0
NVD
NVD
added 2026/01/21 8:16 p.m.7 views

CVE-2025-68136

EVerest is an EV charging software stack. Prior to version 2025.10.0, once the module receives a SDP request, it creates a whole new set of objects like Session, IConnection which open new TCP socket for the ISO15118-20 communications and registers callbacks for the created file descriptor, witho...

7.4CVSS0.00266EPSS
Exploits1References1
Cvelist
Cvelist
added 2026/01/21 7:18 p.m.26 views

CVE-2025-68136 EVerest's inadequate session handling can lead to memory-related errors or exhaustion of the operating system’s file descriptors, resulting in a denial of service

EVerest is an EV charging software stack. Prior to version 2025.10.0, once the module receives a SDP request, it creates a whole new set of objects like Session, IConnection which open new TCP socket for the ISO15118-20 communications and registers callbacks for the created file descriptor, witho...

7.4CVSS0.00266EPSS
Exploits1References1
ATTACKERKB
ATTACKERKB
added 2026/01/21 7:18 p.m.5 views

CVE-2025-68136

EVerest is an EV charging software stack. Prior to version 2025.10.0, once the module receives a SDP request, it creates a whole new set of objects like Session, IConnection which open new TCP socket for the ISO15118-20 communications and registers callbacks for the created file descriptor, witho...

7.4CVSS5.3AI score0.00266EPSS
Exploits1References2Affected Software1
Rows per page
Query Builder