CVE-2017-16875

September 2, 2021

An issue was discovered in Teluu pjproject (pjlib and pjlib-util) in PJSIP before 2.7.1. The ioqueue component may issue a double key unregistration after an attacker initiates a socket connection with specific settings and sequences. Such double key unregistration will trigger an integer overflow, which may cause ioqueue backends to reject future key registrations.

Summary:

An issue was discovered in Teluu pjproject (pjlib and pjlib-util) in PJSIP before 2.7.1. The ioqueue component may issue a double key unregistration after an attacker initiates a socket connection with specific settings and sequences. Such double key unregistration will trigger an integer overflow, which may cause ioqueue backends to reject future key registrations.

Reference Links(if available):

  • https://trac.pjsip.org/repos/ticket/2055
  • https://trac.pjsip.org/repos/milestone/release-2.7.1
  • https://www.debian.org/security/2018/dsa-4170

  • CVSS Score (if available)

    v2: / MEDIUMAV:N/AC:L/Au:N/C:N/I:N/A:P

    v3: / HIGHCVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

    Links to Exploits(if available)

  • You may have missed

    image

    [DRAGONFORCE] – Ransomware Victim: SUSTA S[.]r[.]l[.]

    November 18, 2024
    image

    [MEDUSA] – Ransomware Victim: Maxeon

    November 18, 2024
    image

    [BLACKSUIT] – Ransomware Victim: eastgateauto[.]com

    November 18, 2024
    image

    [ELDORADO] – Ransomware Victim: LA LUCKY Brand

    November 18, 2024
    image

    [BLACKSUIT] – Ransomware Victim: kciaviation[.]com

    November 18, 2024