Lucene search
+L
TeluuPjsip

32 matches found

CVE
CVE
added 2022/02/22 12:0 a.m.194 views

CVE-2022-23608

CVE-2022-23608 affects PJSIP/pjproject up to version 2.11.1. In a dialog set (or forking) scenario, a hash key shared by multiple UAC dialogs can be prematurely freed when a dialog is destroyed, causing the same dialog set to be registered in the hash table multiple times with different hash keys...

9.8CVSS8.7AI score0.04055EPSS
CVE
CVE
added 2022/02/16 12:0 a.m.193 views

CVE-2021-43300

CVE-2021-43300 describes a stack-buffer overflow in the PJSUA API’s pjsua_recorder_create due to an attacker-controlled filename being copied into a fixed-size stack buffer without size validation. The vulnerability is present in the embedded pjproject used by Ring. Public advisories (Debian/Ubun...

9.8CVSS9.4AI score0.02376EPSS
CVE
CVE
added 2022/01/27 12:0 a.m.186 views

CVE-2022-21723

CVE-2022-21723 affects PJSIP (pjproject) up to version 2.11.1. The issue arises when parsing an incoming SIP message that contains a malformed multipart, which can lead to an out-of-bounds read access. The vulnerability impacts all PJSIP users that accept SIP multipart. A patch has been committed...

9.1CVSS9.3AI score0.04478EPSS
CVE
CVE
added 2021/07/23 12:0 a.m.185 views

CVE-2021-32686

CVE-2021-32686 affects the PJSIP pjproject library prior to 2.11.1. The issue is a race condition in the SSL socket: (1) the accepted socket lacks a group lock, causing a race between callback and destroy, and (2) the SSL socket parent/listener may be destroyed during TLS handshake. These intermi...

5.9CVSS5.8AI score0.02082EPSS
CVE
CVE
added 2022/02/16 12:0 a.m.174 views

CVE-2021-43301

CVE-2021-43301 is a stack buffer overflow in the PJSUA API (pjproject) when calling pjsua_playlist_create. An attacker-controlled file_names argument is copied to a fixed-size stack buffer without size validation, potentially allowing memory corruption. Connected documents indicate this affects t...

9.8CVSS9.4AI score0.02376EPSS
CVE
CVE
added 2022/02/16 12:0 a.m.172 views

CVE-2021-43299

CVE-2021-43299 is a stack-based buffer overflow in the PJSUA API (embedded pjproject within ring) triggered by an attacker-controlled filename passed to pjsua_player_create. The overflow occurs when the filename is copied into a fixed-size stack buffer without size validation. Public documents in...

9.8CVSS9.5AI score0.02514EPSS
CVE
CVE
added 2023/03/14 12:0 a.m.166 views

CVE-2023-27585

Summary: CVE-2023-27585 affects the PJSIP DNS resolver in the pjproject library. The vulnerability is a buffer overflow in the parsing of DNS query records (parse_query()) for versions 2.13 and earlier. Impact: as described, it can cause a crash (availability impact) with no confidentiality/integ...

7.5CVSS7.5AI score0.0233EPSS
CVE
CVE
added 2022/02/16 12:0 a.m.165 views

CVE-2021-43302

The CVE-2021-43302 issue is documented in connected advisories as a vulnerability in Ring (which includes an embedded copy of pjproject). The flaw allows an attacker-controlled filename argument to be copied into a fixed-size stack buffer in the PJSUA API (pjsua_recorder_create), potentially caus...

9.1CVSS9.1AI score0.02198EPSS
CVE
CVE
added 2022/02/16 12:0 a.m.162 views

CVE-2021-43303

CVE-2021-43303 affects ring (embedded pjproject). A buffer overflow in the PJSUA API when calling pjsua_call_dump is caused by an attacker-controlled buffer argument; if the output buffer is smaller than 128 characters, it can overflow despite maxlen. Debian and Ubuntu advisories (DLA-3887, USN-6...

9.8CVSS9.5AI score0.02376EPSS
CVE
CVE
added 2022/03/11 12:0 a.m.157 views

CVE-2022-24754

The CVE-2022-24754 entry concerns PJSIP (pjproject) embedded in Ring. A stack-buffer overflow affects PJSIP users that accept hashed digest credentials (data_type PJSIP_CRED_DATA_DIGEST) in versions up to 2.12. The issue is resolved in the master branch and will be included in the next release; u...

9.8CVSS9.2AI score0.02065EPSS
CVE
CVE
added 2022/03/22 12:0 a.m.156 views

CVE-2022-24764

Summary (CVE-2022-24764) : The PJSIP/pjproject library (versions ≤ 2.12) contains a stack buffer overflow in the functions pjmedia_sdp_print() and pjmedia_sdp_media_print(), affecting applications using PJSUA2 or calling those APIs. A patch exists on the master branch of the pjsip/pjproject GitHu...

7.5CVSS8.8AI score0.02303EPSS
CVE
CVE
added 2021/12/22 12:0 a.m.155 views

CVE-2021-37706

CVE-2021-37706 affects the pjproject/PJSIP stack embedded in various products. If an incoming STUN message contains an ERROR-CODE attribute, the code path does not check the header length before a subtraction, enabling an integer underflow that could let a malicious actor remotely execute code vi...

9.8CVSS8.6AI score0.0462EPSS
CVE
CVE
added 2022/01/27 12:0 a.m.153 views

CVE-2022-21722

CVE-2022-21722 affects PJPROJECT (PJMEDIA) used by PJSCI/PJSIP. In 2.11.1 and earlier, certain incoming RTP/RTCP packets can cause out-of-bounds read access due to multiple code paths; this impacts users accepting RTP/RTCP streams. A patch is available as a commit in the master branch. There are ...

9.1CVSS9.3AI score0.02405EPSS
CVE
CVE
added 2023/10/06 1:46 p.m.147 views

CVE-2023-38703

CVE-2023-38703 affects the PJSIP library when SRTP is enabled and the underlying transport is not UDP. The issue is a use-after-free in the higher-level SRTP path that is not synchronized with the lower transport, potentially causing memory corruption or application termination. The description n...

9.8CVSS9.4AI score0.0128EPSS
CVE
CVE
added 2022/04/25 12:0 a.m.144 views

CVE-2022-24792

CVE-2022-24792 affects the PJSIP library (32-bit systems) and prior releases (up to 2.12). The issue arises when reading WAV file data chunks with lengths exceeding 31-bit integers, which can trigger a denial-of-service condition. The vulnerability does not affect 64-bit apps and may not impact a...

7.5CVSS7.5AI score0.0184EPSS
CVE
CVE
added 2022/03/30 12:0 a.m.136 views

CVE-2022-24763

CVE-2022-24763 : PJSIP (PJPROJECT) versions up to and including 2.12 contain a denial‑of‑service vulnerability in XML parsing. The issue could allow an attacker to crash the application, impacting availability. The impact is supported by CVSS v3.1 (base score 7.5, Network attack, no privileges, n...

7.5CVSS8.4AI score0.02039EPSS
CVE
CVE
added 2021/12/27 12:0 a.m.119 views

CVE-2021-43845

CVE-2021-43845 affects the PJPROJECT/JAMI stack used by PJMEDIA. In version 2.11.1 and earlier, processing of incoming RTCP XR messages with a block may not validate the data field against the packet size, potentially enabling out-of-bounds reads. Debian/DSA/DLA entries note fixes in ring (embedd...

9.1CVSS8.8AI score0.03722EPSS
CVE
CVE
added 2021/03/10 10:30 p.m.118 views

CVE-2021-21375

CVE-2021-21375 affects the pjproject/PJSIP library (versions 2.10 and earlier). The issue arises after an initial INVITE when two 183 responses are received and the first triggers negotiation failure, causing a crash and a denial of service. Mitigation: upgrade to patched pjproject/PJSIP (per GLS...

6.5CVSS6.5AI score0.02088EPSS
CVE
CVE
added 2021/12/22 12:0 a.m.118 views

CVE-2021-43804

CVE-2021-43804 affects the PJPROJECT/PJSIP stack, specifically PJMEDIA/RTCP. The flaw arises when an incoming RTCP BYE message declares a reason length that isn’t checked against the actual packet size, enabling an out-of-bounds read. The documents consistently describe this as the root cause and...

7.5CVSS8.1AI score0.02192EPSS
CVE
CVE
added 2022/06/07 12:0 a.m.114 views

CVE-2022-31031

CVE-2022-31031 affects PJSIP (pjproject) up to version 2.12.1. Root cause: a stack-based buffer overflow when using STUN (via STUN server config or pjlib-util/stun_simple). A patch exists in commit 450baca and should be included in the next release; no workaround is documented. Upgrade to a relea...

9.8CVSS9.6AI score0.01809EPSS
CVE
CVE
added 2021/03/10 10:30 p.m.112 views

CVE-2020-15260

CVE-2020-15260 concerns the PJSIP library. In versions up to 2.10, TLS connections may be reused if they share the same IP, port, and protocol, without proper remote hostname authentication. This can allow an attacker to leverage DNS or routing to force a TLS connection to a different hostname th...

6.8CVSS6.6AI score0.00991EPSS
CVE
CVE
added 2022/10/06 12:0 a.m.111 views

CVE-2022-39269

CVE-2022-39269 (PJSIP) affects the PJSIP library. When processing certain packets, PJSIP may switch from SRTP to basic RTP upon SRTP restart, causing media to be sent insecurely. Root cause: SRTP restart handling can drop secure transport, exposing confidentiality and integrity. Impact per source...

9.1CVSS9.2AI score0.00558EPSS
CVE
CVE
added 2022/01/04 12:0 a.m.106 views

CVE-2021-41141

CVE-2021-41141 affects PJSIP PJPROJECT. Root cause: in multiple code paths, errors/failures cause a function to return without releasing held locks, potentially deadlocking the system and causing denial of service. Affected versions: all up to and including 2.11.1. Mitigation: upgrades fixed in a...

7.8CVSS6.3AI score0.01367EPSS
CVE
CVE
added 2022/12/20 6:50 p.m.99 views

CVE-2022-23537

CVE-2022-23537 affects the pjproject family (PJSIP/PJNATH) used for STUN processing. The issue is a buffer overread that occurs when parsing a specially crafted STUN message containing an unknown attribute, as described in the CVE entry. The vulnerability applies to applications using STUN featur...

9.8CVSS7.8AI score0.01026EPSS
CVE
CVE
added 2017/11/17 9:0 a.m.89 views

CVE-2017-16872

CVE-2017-16872 affects Teluu pjproject (pjlib and pjlib-util) in PJSIP before 2.7.1. The issue arises when parsing numeric SIP header fields (e.g., CSeq, ttl, port); values can overflow and may be captured incorrectly or cause a buffer overrun if converted back to strings, enabling a potential ex...

9.8CVSS9.3AI score0.034EPSS
CVE
CVE
added 2018/03/13 1:0 a.m.72 views

CVE-2018-1000099

CVE-2018-1000099 affects Teluu PJSIP up to version 2.7.1, where a null/uninitialized pointer vulnerability in pjmedia SDP parsing can crash a system. Exploitation is tied to processing specially crafted SDP messages; the issue is stated to be fixed in PJSIP 2.7.2. Connected advisories reference D...

7.5CVSS7.5AI score0.0354EPSS
CVE
CVE
added 2017/11/17 4:0 p.m.67 views

CVE-2017-16875

CVE-2017-16875 affects Teluu pjproject (PJLIB/PJLIB-UTIL) in PJSIP prior to 2.7.1. The ioqueue component may perform a double key unregistration after a crafted socket sequence, triggering an integer overflow that can cause ioqueue backends to reject future key registrations. Affected software is...

7.5CVSS7.7AI score0.03298EPSS
CVE
CVE
added 2018/03/13 1:0 a.m.65 views

CVE-2018-1000098

Teluu PJSIP (Teluu PJProject) vulnerability CVE-2018-1000098: an Integer Overflow in the pjmedia SDP parser affects version 2.7.1 and earlier, potentially causing a crash when handling a specially crafted message. The issue has been fixed in version 2.7.2. Affected products are PJSIP/PJProject bu...

7.5CVSS7.8AI score0.03463EPSS
CVE
CVE
added 2026/04/24 6:40 p.m.33 views

CVE-2026-41416

PJSIP (C library) has an integer overflow in the media stream buffer size calculation when processing SDP with asymmetric ptime configuration in versions 2.16 and earlier. This may lead to an undersized buffer and memory corruption or unexpected termination. The issue is fixed in version 2.17; up...

9.3CVSS5.8AI score0.00279EPSS
CVE
CVE
added 2026/04/24 6:38 p.m.31 views

CVE-2026-41415

PJSIP (the C library) contains CVE-2026-41415: in 2.16 and earlier, parsing a malformed Content-ID URI in a SIP multipart message body can trigger an out-of-bounds read due to insufficient length validation. Red Hat describes a potential denial-of-service impact and notes mitigation may not meet ...

9.1CVSS5.5AI score0.00308EPSS
CVE
CVE
added 2026/05/07 6:47 p.m.25 views

CVE-2026-42225

PJSIP’s GnuTLS-enabled SIP TLS transport (sip_transport_tls) in builds prior to version 2.17 can accept connections with invalid/untrusted certificates even when verify_server/verify_client are PJ_TRUE. The vulnerability arises from certificate verification being effectively skipped for those bui...

8.2CVSS5.7AI score0.00161EPSS
CVE
CVE
added 2026/03/31 3:36 p.m.20 views

CVE-2026-34235

CVE-2026-34235 affects the PJSIP library (C) prior to version 2.17, where the VP9 RTP unpacketizer has a heap out-of-bounds read when parsing crafted VP9 SS data. The vulnerability stems from insufficient bounds checking on the payload descriptor length, causing reads beyond the RTP payload buffe...

9.1CVSS5.8AI score0.00405EPSS