Vulnerability Monitor

The vendors, products, and vulnerabilities you care about

CVE-2021-41141

PJSIP is a free and open source multimedia communication library written in the C language implementing standard based protocols such as SIP, SDP, RTP, STUN, TURN, and ICE. In various parts of PJSIP, when error/failure occurs, it is found that the function returns without releasing the currently held locks. This could result in a system deadlock, which cause a denial of service for the users. No release has yet been made which contains the linked fix commit. All versions up to an including 2.11.1 are affected. Users may need to manually apply the patch.

Published

2022-01-04T19:15:14.687

Last Modified

2024-11-21T06:25:34.640

Status

Modified

Source

[email protected]

Severity

CVSSv3.1: 5.9 (MEDIUM)

CVSSv2 Vector

AV:N/AC:L/Au:N/C:N/I:N/A:C

  • Access Vector: NETWORK
  • Access Complexity: LOW
  • Authentication: NONE
  • Confidentiality Impact: NONE
  • Integrity Impact: NONE
  • Availability Impact: COMPLETE
Exploitability Score

10.0

Impact Score

6.9

Weaknesses
  • Type: Secondary
    CWE-667
  • Type: Primary
    CWE-667
Affected Vendors & Products
Type Vendor Product Version/Range Vulnerable?
Application teluu pjsip ≤ 2.11.1 Yes
Operating System debian debian_linux 9.0 Yes
References