Ubuntu.comUB:CVE-2021-41141CVE-2021-41141
7.5 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
7.8 High
CVSS2
Access Vector
NETWORK
Access Complexity
LOW
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
COMPLETE
AV:N/AC:L/Au:N/C:N/I:N/A:C
0.002 Low
EPSS
Percentile
60.6%
PJSIP is a free and open source multimedia communication library written in
the C language implementing standard based protocols such as SIP, SDP, RTP,
STUN, TURN, and ICE. In various parts of PJSIP, when error/failure occurs,
it is found that the function returns without releasing the currently held
locks. This could result in a system deadlock, which cause a denial of
service for the users. No release has yet been made which contains the
linked fix commit. All versions up to an including 2.11.1 are affected.
Users may need to manually apply the patch.
Notes
| Author | Note |
|---|---|
| alexmurray | ring contains an embedded copy of pjsip |
References
github.com/pjsip/pjproject/commit/1aa2c0e0fb60a1b0bf793e0d834073ffe50fb196
github.com/pjsip/pjproject/security/advisories/GHSA-8fmx-hqw7-6gmc
launchpad.net/bugs/cve/CVE-2021-41141
nvd.nist.gov/vuln/detail/CVE-2021-41141
security-tracker.debian.org/tracker/CVE-2021-41141
www.cve.org/CVERecord?id=CVE-2021-41141
Related
7.5 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
7.8 High
CVSS2
Access Vector
NETWORK
Access Complexity
LOW
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
COMPLETE
AV:N/AC:L/Au:N/C:N/I:N/A:C
0.002 Low
EPSS
Percentile
60.6%