CVE-2021-21375 MEDIUM

CVE-2021-21375: Crash in receiving updated SDP answer after initial SDP negotiation failed

Vendor Pjsip
Product pjproject
Weakness CWE-400
Published March 10, 2021
Last update August 3, 2024

CVSS base score

6.5/10
Attack vector Network
Attack complexity Low
Privileges required None
User interaction Required
Confidentiality None
Integrity None
Availability High

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

What the vulnerability does

01 Description

PJSIP is a free and open source multimedia communication library written in C that implements standards-based protocols such as SIP, SDP, RTP, STUN, TURN, and ICE. In PJSIP version 2.10 and earlier, after an initial INVITE has been sent, a crash occurs when two 183 responses are received and the first one causes negotiation failure. This results in a denial of service.

Key dates

02 Disclosure timeline

March 10, 2021 CVE published
August 3, 2024 Record updated