
CVE-2017-16872

CVSS Severity Score: 9.8 (CRITICAL)
EPSS Score: 0.1520%
EPSS Percentile: 23.24th
Published: Nov 17, 2017
Last Modified: May 13, 2026

Vulnerability Description

An issue was discovered in Teluu pjproject (pjlib and pjlib-util) in PJSIP before 2.7.1. Parsing of the numeric header fields in a SIP message (such as cseq, ttl, port, etc.) could overflow, either causing unintended values to be captured or, if the values were subsequently converted back to strings, a buffer overrun. This could be exploited using carefully crafted invalid values.

Affected Platforms (CPE)

Teluu Pjsip: < 2.7.1
Debian Debian Linux: = 9.0
