CVE-2018-1000098
Published 2018-03-13
Priority P339 · high · 7.5 · CVSS 3.0
AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
EPSS: 3.46% (87.6th percentile)
Teluu PJSIP version 2.7.1 and earlier contains an integer overflow vulnerability in pjmedia SDP parsing that can result in a crash. This attack appears to be exploitable via sending a specially crafted message. This vulnerability appears to have been fixed in 2.7.2.
Affected
4 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| debian | debian_linux | — | — |
| pjsip | pjproject | >= 0 < 2.1.0.0.ast20130823-1+deb8u1ubuntu0.1~esm1 | 2.1.0.0.ast20130823-1+deb8u1ubuntu0.1~esm1 |
| pjsip | pjproject | >= 0 < 2.7.2~dfsg-1ubuntu0.1~esm1 | 2.7.2~dfsg-1ubuntu0.1~esm1 |
| teluu | pjsip | <= 2.7.1 | — |
CVSS provenance
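| Source | CVSS version | Score | Severity | Vector |
|---|---|---|---|---|
| nvd | v3.0 | 7.5 | HIGH | CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H |
| nvd | v2.0 | 5.0 | MEDIUM | AV:N/AC:L/Au:N/C:N/I:N/A:P |
| osv | — | 9.8 | CRITICAL | — |
| vendor_ubuntu | — | 9.8 | CRITICAL | — |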
Ubuntu
PJSIP vulnerabilities
vendor_ubuntu·2026-03-24·CVSS 9.8
CVE-2020-15260 [CRITICAL] PJSIP vulnerabilities
Title: PJSIP vulnerabilities
Summary: Several security issues were fixed in PJSIP.
Youngsung Kim discovered that PJSIP did not properly parse numeric header
fields in SIP messages. A remote attacker could use this issue to cause
PJSIP to crash, resulting in a denial of service, or possibly execute
arbitrary code. This issue only affected Ubuntu 16.04 LTS. (CVE-2017-16872)
Peter Koletzki discovered that PJSIP did not properly handle certain
connection requests. A remote attacker could possibly use this issue to
cause PJSIP to enter an unrecoverable state and reject further connections,
resulting in a denial of service. This issue only affected Ubuntu 16.04
LTS. (CVE-2017-16875)
Alfred Farrugia, Sandro Gauci, and Kevin Harwell discovered that PJSIP did
not properly parse certain SDP mess
OSV
pjproject vulnerabilities
osv·2026-03-24·CVSS 9.8
CVE-2017-16872 [CRITICAL] pjproject vulnerabilities
Youngsung Kim discovered that PJSIP did not properly parse numeric header
fields in SIP messages. A remote attacker could use this issue to cause
PJSIP to crash, resulting in a denial of service, or possibly execute
arbitrary code. This issue only affected Ubuntu 16.04 LTS. (CVE-2017-16872)
Peter Koletzki discovered that PJSIP did not properly handle certain
connection requests. A remote attacker could possibly use this issue to
cause PJSIP to enter an unrecoverable state and reject further connections,
resulting in a denial of service. This issue only affected Ubuntu 16.04
LTS. (CVE-2017-16875)
Alfred Farrugia, Sandro Gauci, and Kevin Harwell discovered that PJSIP did
not properly parse certain SDP messages. A remote attacker could possibly
use this issue to c
GHSA
GHSA-chm5-gp28-v8xw: Teluu PJSIP version 2
ghsa_unreviewed·2022-05-14
CVE-2018-1000098 [HIGH] CWE-190 GHSA-chm5-gp28-v8xw: Teluu PJSIP version 2
Teluu PJSIP version 2.7.1 and earlier contains an integer overflow vulnerability in pjmedia SDP parsing that can result in a crash. This attack appears to be exploitable via sending a specially crafted message. This vulnerability appears to have been fixed in 2.7.2.
OSV
CVE-2018-1000098: Teluu PJSIP version 2
osv·2018-03-13·CVSS 7.5
CVE-2018-1000098 [HIGH] CVE-2018-1000098: Teluu PJSIP version 2
Teluu PJSIP version 2.7.1 and earlier contains an integer overflow vulnerability in pjmedia SDP parsing that can result in a crash. This attack appears to be exploitable via sending a specially crafted message. This vulnerability appears to have been fixed in 2.7.2.
No detection rules found.
No public exploits indexed.
Bugzilla
CVE-2018-1000098 asterisk: segmentation fault occurs in Asterisk with an invalid SDP media format description [epel-6]
bugzilla·2018-02-22·CVSS 7.5
CVE-2018-1000098 [HIGH] CVE-2018-1000098 asterisk: segmentation fault occurs in Asterisk with an invalid SDP media format description [epel-6]
This is an automatically created tracking bug! It was created to ensure
that one or more security vulnerabilities are fixed in affected versions
of epel-6.
For comments that are specific to the vulnerability please use bugs filed
against the "Security Response" product referenced in the "Blocks" field.
For more information see:
http://fedoraproject.org/wiki/Security/TrackingBugs
When submitting as an update, use the fedpkg template provided in the next
comment(s). This will include the bug IDs of this tracking bug as well as
the relevant top-level CVE bugs.
Please also mention the CVE IDs being fixed in the RPM changelog and the
fedpkg commit message.
Discussion:
Us
Bugzilla
CVE-2018-1000098 asterisk: segmentation fault occurs in Asterisk with an invalid SDP media format description [fedora-all]
bugzilla·2018-02-22·CVSS 7.5
CVE-2018-1000098 [HIGH] CVE-2018-1000098 asterisk: segmentation fault occurs in Asterisk with an invalid SDP media format description [fedora-all]
This is an automatically created tracking bug! It was created to ensure
that one or more security vulnerabilities are fixed in affected versions
of fedora-all.
For comments that are specific to the vulnerability please use bugs filed
against the "Security Response" product referenced in the "Blocks" field.
For more information see:
http://fedoraproject.org/wiki/Security/TrackingBugs
When submitting as an update, use the fedpkg template provided in the next
comment(s). This will include the bug IDs of this tracking bug as well as
the relevant top-level CVE bugs.
Please also mention the CVE IDs being fixed in the RPM changelog and the
fedpkg commit message.
NOTE: t
Bugzilla
CVE-2018-1000098 asterisk: segmentation fault occurs in Asterisk with an invalid SDP media format description
bugzilla·2018-02-22·CVSS 7.5
CVE-2018-1000098 [HIGH] CVE-2018-1000098 asterisk: segmentation fault occurs in Asterisk with an invalid SDP media format description
A flaw was discovered in Asterisk 13.x, 14.x, 15.x and 13.18. By crafting an SDP message with an invalid media format description, Asterisk crashes with a segmentation fault when using the pjsip channel driver because pjproject's SDP parsing algorithm fails to catch the invalid media format description.
References:
http://downloads.asterisk.org/pub/security/AST-2018-002.html
https://issues.asterisk.org/jira/browse/ASTERISK-27582
Patches:
http://downloads.asterisk.org/pub/security/AST-2018-002-13.diff [Asterisk 13]
http://downloads.asterisk.org/pub/security/AST-2018-002-14.diff [Asterisk 14]
http://downloads.asterisk.org/pub/security/AST-2018-002-15.diff [Asterisk 14]
http://down