CVE-2017-16875 โ€” Pjsip vulnerability

5 documents4 sources
Severity
7.5HIGHNVD
OSV9.8
EPSS
0.5%
top 32.79%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
Teluu PjsipPjsip Pjproject
Timeline
PublishedNov 17
Latest updateMar 24

Description

An issue was discovered in Teluu pjproject (pjlib and pjlib-util) in PJSIP before 2.7.1. The ioqueue component may issue a double key unregistration after an attacker initiates a socket connection with specific settings and sequences. Such double key unregistration will trigger an integer overflow, which may cause ioqueue backends to reject future key registrations.

CVSS vector

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:HExploitability: 3.9 | Impact: 3.6

Affected Packages2 packages

โ–ถNVDteluu/pjsip< 2.7.1
โ–ถUbuntupjsip/pjproject< 2.1.0.0.ast20130823-1+deb8u1ubuntu0.1~esm1+1

๐Ÿ”ดVulnerability Details

3
OSV
pjproject vulnerabilitiesโ†—2026-03-24
โ–ถ
GHSA
GHSA-qw72-xqg4-c435: An issue was discovered in Teluu pjproject (pjlib and pjlib-util) in PJSIP before 2โ†—2022-05-13
โ–ถ
OSV
CVE-2017-16875: An issue was discovered in Teluu pjproject (pjlib and pjlib-util) in PJSIP before 2โ†—2017-11-17
โ–ถ

๐Ÿ“‹Vendor Advisories

1
Ubuntu
PJSIP vulnerabilitiesโ†—2026-03-24
โ–ถ
CVE-2017-16875 โ€” Teluu Pjsip vulnerability | cvebase