PJSIP is a free and open source multimedia communication library written in C language implementing standard based protocols such as SIP, SDP, RTP, STUN, TURN, and ICE. In PJSIP before version 2.11.1, there are a couple of issues found in the SSL socket. First, a race condition between callback and destroy, due to the accepted socket having no group lock. Second, the SSL socket parent/listener may get destroyed during handshake. Both issues were reported to happen intermittently in heavy load TLS connections. They cause a crash, resulting in a denial of service. These are fixed in version 2.11.1.
References
Link | Resource |
---|---|
https://github.com/pjsip/pjproject/commit/d5f95aa066f878b0aef6a64e60b61e8626e664cd | Patch Third Party Advisory |
https://github.com/pjsip/pjproject/pull/2716 | Patch Third Party Advisory |
https://github.com/pjsip/pjproject/releases/tag/2.11.1 | Release Notes Third Party Advisory |
https://github.com/pjsip/pjproject/security/advisories/GHSA-cv8x-p47p-99wr | Third Party Advisory |
https://lists.debian.org/debian-lts-announce/2022/03/msg00035.html | Mailing List Third Party Advisory |
https://security.gentoo.org/glsa/202210-37 | Third Party Advisory |
https://www.debian.org/security/2021/dsa-4999 | Third Party Advisory |
History
No history.
MITRE Information
Status: PUBLISHED
Assigner: GitHub_M
Published: 2021-07-23T00:00:00
Updated: 2022-10-31T00:00:00
Reserved: 2021-05-12T00:00:00
Link: CVE-2021-32686
JSON object: View
NVD Information
Status : Analyzed
Published: 2021-07-23T22:15:08.373
Modified: 2022-11-16T19:02:12.873
Link: CVE-2021-32686
JSON object: View
Redhat Information
No data.
CWE