An issue was discovered in Teluu pjproject (pjlib and pjlib-util) in PJSIP before 2.7.1. The ioqueue component may issue a double key unregistration after an attacker initiates a socket connection with specific settings and sequences. Such double key unregistration will trigger an integer overflow, which may cause ioqueue backends to reject future key registrations.
References
Link | Resource |
---|---|
https://trac.pjsip.org/repos/milestone/release-2.7.1 | Release Notes Vendor Advisory |
https://trac.pjsip.org/repos/ticket/2055 | Vendor Advisory |
https://www.debian.org/security/2018/dsa-4170 |
History
No history.
MITRE Information
Status: PUBLISHED
Assigner: mitre
Published: 2017-11-17T16:00:00
Updated: 2018-04-11T09:57:01
Reserved: 2017-11-17T00:00:00
Link: CVE-2017-16875
JSON object: View
NVD Information
Status : Modified
Published: 2017-11-17T16:29:00.190
Modified: 2021-09-02T14:49:21.817
Link: CVE-2017-16875
JSON object: View
Redhat Information
No data.
CWE