CVE-2017-16872Improper Restriction of Operations within the Bounds of a Memory Buffer in Pjsip

CWE-119Improper Restriction of Operations within the Bounds of a Memory Buffer5 documents4 sources
Severity
9.8CRITICALNVD
EPSS
0.9%
top 24.85%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
3
Teluu PjsipPjsip PjprojectDebian Linux
Timeline
PublishedNov 17
Latest updateMar 24

Description

An issue was discovered in Teluu pjproject (pjlib and pjlib-util) in PJSIP before 2.7.1. Parsing the numeric header fields in a SIP message (like cseq, ttl, port, etc.) all had the potential to overflow, either causing unintended values to be captured or, if the values were subsequently converted back to strings, a buffer overrun. This will lead to a potential exploit using carefully crafted invalid values.

CVSS vector

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:HExploitability: 3.9 | Impact: 5.9

Affected Packages2 packages

NVDteluu/pjsip< 2.7.1
Ubuntupjsip/pjproject< 2.1.0.0.ast20130823-1+deb8u1ubuntu0.1~esm1+1

Also affects: Debian Linux 9.0

🔴Vulnerability Details

3
OSV
pjproject vulnerabilities2026-03-24
GHSA
GHSA-7v77-w3mx-vv3x: An issue was discovered in Teluu pjproject (pjlib and pjlib-util) in PJSIP before 22022-05-13
OSV
CVE-2017-16872: An issue was discovered in Teluu pjproject (pjlib and pjlib-util) in PJSIP before 22017-11-17

📋Vendor Advisories

1
Ubuntu
PJSIP vulnerabilities2026-03-24
CVE-2017-16872 — Teluu Pjsip vulnerability | cvebase