Vulnerability Description
An issue was discovered in Teluu pjproject (pjlib and pjlib-util) in PJSIP before 2.7.1. The ioqueue component may issue a double key unregistration after an attacker initiates a socket connection with specific settings and sequences. Such double key unregistration will trigger an integer overflow, which may cause ioqueue backends to reject future key registrations.
CVSS Score
HIGH
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Teluu | Pjsip | < 2.7.1 |
References
- https://trac.pjsip.org/repos/milestone/release-2.7.1Release NotesVendor Advisory
- https://trac.pjsip.org/repos/ticket/2055Vendor Advisory
- https://www.debian.org/security/2018/dsa-4170
- https://trac.pjsip.org/repos/milestone/release-2.7.1Release NotesVendor Advisory
- https://trac.pjsip.org/repos/ticket/2055Vendor Advisory
- https://www.debian.org/security/2018/dsa-4170
FAQ
What is CVE-2017-16875?
CVE-2017-16875 is a vulnerability with a CVSS score of 7.5 (HIGH). An issue was discovered in Teluu pjproject (pjlib and pjlib-util) in PJSIP before 2.7.1. The ioqueue component may issue a double key unregistration after an attacker initiates a socket connection wit...
How severe is CVE-2017-16875?
CVE-2017-16875 has been rated HIGH with a CVSS base score of 7.5/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2017-16875?
Check the references section above for vendor advisories and patch information. Affected products include: Teluu Pjsip.