Vulnerability Description
Teluu PJSIP version 2.7.1 and earlier contains a Integer Overflow vulnerability in pjmedia SDP parsing that can result in Crash. This attack appear to be exploitable via Sending a specially crafted message. This vulnerability appears to have been fixed in 2.7.2.
CVSS Score
HIGH
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Teluu | Pjsip | <= 2.7.1 |
| Debian | Debian Linux | 9.0 |
Related Weaknesses (CWE)
References
- https://trac.pjsip.org/repos/milestone/release-2.7.2Vendor Advisory
- https://trac.pjsip.org/repos/ticket/2093Vendor Advisory
- https://www.debian.org/security/2018/dsa-4170Third Party Advisory
- https://trac.pjsip.org/repos/milestone/release-2.7.2Vendor Advisory
- https://trac.pjsip.org/repos/ticket/2093Vendor Advisory
- https://www.debian.org/security/2018/dsa-4170Third Party Advisory
FAQ
What is CVE-2018-1000098?
CVE-2018-1000098 is a vulnerability with a CVSS score of 7.5 (HIGH). Teluu PJSIP version 2.7.1 and earlier contains a Integer Overflow vulnerability in pjmedia SDP parsing that can result in Crash. This attack appear to be exploitable via Sending a specially crafted me...
How severe is CVE-2018-1000098?
CVE-2018-1000098 has been rated HIGH with a CVSS base score of 7.5/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2018-1000098?
Check the references section above for vendor advisories and patch information. Affected products include: Teluu Pjsip, Debian Debian Linux.